GDPR consent request forms: Sample text
April 23, 2018
GDPR best practices require the ability to obtain valid consent from EU customers to allow for the lawful collection and processing of personal data—as well as the ability for those customers to withdraw their consent. This download outlines the basics and offers examples of three types of request forms.
From the download:
The European Union General Data Protection Regulation (GDPR) requires every organization that collects sensitive personal data from those residing in the EU to ask for clear and specific consent before collecting that data. According to the GDPR, personal data is any bit of information that can be used to identify the data subject who provides it.
This broad definition means that consent must be obtained before asking for a name, email address, or even collecting tracking information in the form of a website cookie. It is this broad definition that will trip up many organizations unprepared for the GDPR. Just as important, once proper consent is obtained, all data subjects must have a simple and clear mechanism for reversing their previous consent.
Complying with these provisions of the GDPR will require many organizations to change the way they request consent from customers, clients, and users. GDPR best practices lay out some foundational principles that will help enterprises reach compliant status more quickly.
Here are the conditions of valid consent under the GDPR:
- Consent needs to be freely given.
- Consent needs to be specific, per purpose.
- Consent needs to be informed.
- Consent needs to be an unambiguous indication.
- Consent needs to be given by a statement or by a clear act.
- Consent needs to be distinguishable from other matters.
- The request for consent needs to be in clear and plain language, intelligible, and easily accessible.