When the EU General Data Protection Regulation (GDPR) came into force in 2018, there was a lot of discussion about the law’s consent requirements.
Many companies panicked. They’d been relying on a weaker standard for many years—would customers still provide consent at this new, higher standard?
But other organisations embraced the change, seeing an opportunity to drive forward a more transparent and respectful relationship with their customers.
Consent and Data Protection
Consent is such an important part of data protection and privacy laws because it helps people maintain control of their personal data.
There are different models of “consent.” The GDPR, which is in force across the U.K. and the European Economic Area (EEA), provides the strongest consent model.
Under the GDPR, consent must be:
- Freely given
- Given via a clear, affirmative action
- Easy to withdraw
This means that when you ask someone in the U.K. or European Economic Area (EEA) for consent, you must fully inform them about your request, ask them to take a clear action like ticking a box, and always allow them to opt in, rather than out.
Some businesses cut corners when getting consent, relying on invalid marketing sign-up forms or cookie consent solutions.
Unlawful consent requests can cause big legal issues. There are plenty of examples, such as the recent multi-million euro fines against Amazon and Google for failing to obtain GDPR-valid cookie consent.
But—legal concerns aside—failing to get proper consent means you miss out on the opportunity to build your company’s image and establish a strong relationship with your customers.
The benefits of obtaining consent
When a person gives you GDPR-valid consent, it simply means that:
- They understand what you intend to do with their personal data
- They’re happy with their choice
- They know they can change their mind at any time
Anything less than this is a pretty poor foundation for a customer relationship.
Obtaining proper consent gives people real control and can bring positive associations with your brand. People really care about this stuff:
- 2019 Cisco data suggests 84% of consumers care about privacy and want more control over their data.
- A 2020 consumer privacy survey from EY suggests that sharing data without consent is the factor most likely to reduce consumers’ trust in an organization.
- According to Cisco’s 2020 data, 74% of companies felt investing in privacy had helped them build “loyalty and trust” with customers.
So, obtaining proper consent isn’t just a legal requirement: It’s an opportunity for you to build trust with your customers.
What’s more—if you’re confident that your customers have provided informed, unambiguous consent, this improves your data pool and minimizes the amount of unnecessary personal data in your control.
When to get consent
You don’t always need consent to use someone’s personal data—but you need it for certain activities, like:
- Setting non-essential cookies
- Sending unsolicited direct marketing
- Sharing data for marketing purposes
Generally speaking, if you can offer someone a genuine, free choice over how or whether you use their personal data, you must get their consent.