Data Risk Intelligence
Automated Data Mapping
Do Not Sell/Do Not Share
Cookie Banner Solutions
Consent & Preferences
Data Rights RequestsExplicit Consent and GDPR Consent Management
Author: Clarip Director of Sales
explicit – (adj). fully and clearly expressed or demonstrated; leaving nothing merely implied; unequivoval
Those eight letters – EXPLICIT – are the reason that so many Chief Privacy Officers, IT Security professionals, and General Counsels are losing sleep these days. With the rapid approach of 2108 and hence, the imminent enforcement of GDPR shortly thereafter, the rush is on for all retailers, suppliers, vendors – quite literally EVERYONE – that collect customer data. Come May 25, 2018, GDPR will “harmonize data privacy laws across Europe, protect and empower all EU citizens data privacy and reshape the way organizations across the region approach data privacy (EUGDPR.org).”
For companies here in the United States, the guiding principle has been IMPLIED consent up until now. If you, like me, tend to look at long privacy and disclosure notices and continue using the site, you have given those companies –willingly or unwillingly– your implied consent to, amongst other things, use your personal data for “legitimate business purposes.” However, in the era of big data, predictive analytics, and large algorithms, many privacy experts have long argued that the “playing field” has begun to shift too dramatically to the company’s advantage. As a consequence, with the passage of GDPR, the E.U. has largely shifted that paradigm by now putting the onus on companies to obtain EXPLICIT consent.
According to the Information Commissioner’s Office (ICO), “the requirements for explicit consent are – any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.”
Further, according to the technology firm SAS, “under the GDPR, consent is per purpose, specific, might change over time and applies to a single type of interaction or channel. In GDPR terms, this is also known as explicit consent. Such explicit consent is given for a specific purpose — and might only affect a portion of the personal data collected and stored. Unfortunately, in most IT systems, a way to account for and track purpose does not exist.”
In layman’s terms, what that means is that a company must, amongst other things, divest consent from other terms and conditions, offer an easy way to withdraw consent at any time, and provide documentation upon request or face a large fine. Taken together, this is a fundamental shift in the way in which consumers and businesses interact and all companies will be affected, either directly or indirectly.
To learn more about the explicit consent requirements of GDPR as well as how to protect yourself from violations, please visit us at www.clarip.com. Clarip is an AI based data and consent management platform that can help protect you from needless liability and exposure. As GDPR is less than 7 months away, there is no time to waste!
More from Clarip:
Are you ready for the new CA privacy law? Start preparing compliance efforts with Clarip for the California Consumer Privacy Act. Enforcement starts January 1, 2020 so better start planning funding in your 2019 budget now.
