Originally posted by madame SasGuru:
Even that isn't clear
Does this mean I can ask once for all purposes or should they be separated out individually - I ask as I'm seeing people doing both.
What you can't do is get consent for one thing and then use the data for something else without telling the subject or their consenting to it.
Originally posted by DaveB:
If you want to go to the source material Article 7 of the GDPR covers consent in conjunction with Recital 32
Article 7 states:
Recital 32 states:
Recitals 33, 42 and 43 give further context.
When the processing has multiple purposes, consent should be given for all of them.
If you want to go to the source material Article 7 of the GDPR covers consent in conjunction with Recital 32
Article 7 states:
Where processing is based on consent, the controller shall be able to demonstrate that the data subject has consented to processing of his or her personal data.
If the data subject’s consent is given in the context of a written declaration which also concerns other matters, the request for consent shall be presented in a manner which is clearly distinguishable from the other matters, in an intelligible and easily accessible form, using clear and plain language. Any part of such a declaration which constitutes an infringement of this Regulation shall not be binding.
The data subject shall have the right to withdraw his or her consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. Prior to giving consent, the data subject shall be informed thereof. It shall be as easy to withdraw as to give consent.
When assessing whether consent is freely given, utmost account shall be taken of whether, inter alia, the performance of a contract, including the provision of a service, is conditional on consent to the processing of personal data that is not necessary for the performance of that contract.
Consent should be given by a clear affirmative act establishing a freely given, specific, informed and unambiguous indication of the data subject’s agreement to the processing of personal data relating to him or her, such as by a written statement, including by electronic means, or an oral statement.
This could include ticking a box when visiting an internet website, choosing technical settings for information society services or another statement or conduct which clearly indicates in this context the data subject’s acceptance of the proposed processing of his or her personal data.
Silence, pre-ticked boxes or inactivity should not therefore constitute consent.
Consent should cover all processing activities carried out for the same purpose or purposes.
When the processing has multiple purposes, consent should be given for all of them.
If the data subject’s consent is to be given following a request by electronic means, the request must be clear, concise and not unnecessarily disruptive to the use of the service for which it is provided.
Last edited by DaveB; 22 March 2018, 09:08.
Also wrong that Consent is the only option.
There are 6 criteria under which lawful processing can take place, consent is only one of them.
(a) Consent: the individual has given clear consent for you to process their personal data for a specific purpose.
(b) Contract: the processing is necessary for a contract you have with the individual, or because they have asked you to take specific steps before entering into a contract.
(c) Legal obligation: the processing is necessary for you to comply with the law (not including contractual obligations).
(d) Vital interests: the processing is necessary to protect someone’s life.
(e) Public task: the processing is necessary for you to perform a task in the public interest or for your official functions, and the task or function has a clear basis in law.
(f) Legitimate interests: the processing is necessary for your legitimate interests or the legitimate interests of a third party unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests. (This cannot apply if you are a public authority processing data to perform your official tasks.)
For the other 5 you need to provide a clear, unambiguous Privacy Statement that details what information you will hold, why you hold it, who it may be shared with and what you will do with it. You also have to give the individual the following rights relating to the information you hold.
the right to be informed
the right of access
the right to rectification
the right to erasure
the right to restrict processing
the right to data portability
the right to object
the right not to be subject to automated decision-making including profiling.
They are wrong.
There should be a clear request for consent and no pre-ticked boxes are to be used.
I think they probably got confused by the ‘no pre-ticked box’ reference and took it to mean no boxes can be ticked.
https://ico.org.uk/media/about-the-i...ion-201703.pdf
GDPR written consent requirements
I attended a local Chamber of Trade today to be further informed of GDPR requirements on SMEs and Local Government procedures.
We were determinedly told by a supposedly knowledgeable person that a physically signed consent is required by all EU users rather than a user selected tick box giving consent for information to be stored and used.
I (again) determinedly stated that the physical signing was not required but was told it definitely is a requirement.
Am I wrong, is a physical signature required under any conditions?