Verbal Consent under GDPR
Does the GDPR allow verbal consent? Given the documentation requirements of the law, one might expect the answer to be no. However, it turns out that it is allowed as long as certain conditions are met. This makes sense since so much of business and customer service is conducted over the telephone. It would require a radical change in current practices if a company could not obtain consent to handle your account and process your data over the telephone by a customer service representative.
Oral consent is not explicitly prohibited by the GDPR Articles. Instead, the GDPR simply requires that there be sufficient documentation to demonstrate that consent was given. Recital 32 seals the deal to the question though by stating that an oral statement may be sufficient as a clear affirmative act sufficient for consent.
Additionally, the UK Information Commissioner’s Office indicated that answering yes to a clear oral consent request was sufficient to meet the need for opt-in. If oral consent is needed for various different purposes, the best practice is a separate opt-in for each. Silence or a blanket acceptance of terms and conditions cannot be relied upon in order to establish consent.
Because of the documentation requirement, the data controller will need to document that oral consent was given. The documentation should include a recording (where legally recorded) or other documentation by the recipient including the name of the individual providing consent, the date and time, the information provided before consent was given, and any other information necessary to obtain valid consent (for example, in the case of a child, their parent or guardian’s consent).
For additional information, check out our best practices for consent under GDPR.
Contact Clarip for CCPA and GDPR Software
The Clarip privacy management software is ready to help improve your organization’s privacy practices. Click here to contact us (return messages within 24 hours) or call 1-888-252-5653 to schedule a demo with a member of the Clarip team.
If your immediate need is California Consumer Privacy Act compliance, take a look at our CCPA software. From consent management to powerful DSAR Software, Clarip offers enterprise privacy management at an affordable price.
Still working on GDPR compliance? We understand! Our GDPR software tools offers a range of options from data mapping software, DPIA automation, and cookie management for ePrivacy.
Click here to contact us (return messages within 24 hours) or call 1-888-252-5653 to schedule a demo and speak to a member of the Clarip team.
Related Content
Consent Management Software Platform
Preference Management Software Solution
Opt In & Opt Out Consent Software for CCPA
Right to Opt Out in CCPA
Mobile App Consent Manager
Service Providers and the Right to Opt Out under the California Consumer Privacy Act
Opt In Consent for Children in CCPA
How to Obtain Consent Under GDPR
Best Practices for GDPR Consent
GDPR’s Special Categories of Personal Data
Verbal Consent Under GDPR
GDPR-K: Children’s Data and Parental Consent