The following Risk & Compliance guidance note provides comprehensive and up to date legal information covering:
Historically, many commercial organisations relied on consent as the main lawful ground for processing personal data. This is because the pre-General Data Protection Regulation (GDPR) regime did not impose particularly onerous requirements around obtaining and recording consent.
The GDPR significantly raises the bar on what constitutes consent (the subject of this Practice Note) and in relation to obtaining, managing and recording consent (see Practice Note: GDPR and consent—obtaining, recording and managing consent).
This Practice Note is based on the final text of the GDPR and consent guidance published by the Information Commissioner’s Office (ICO), which provides insight into how the ICO interprets the GDPR on consent and the ICO’s general recommended approach to compliance and good practice.
Consent is unlikely to be the default ground for processing personal data under the GDPR and organisations will need to consider whether any other lawful grounds are more appropriate from a legal and operational perspective—see below: Do you need consent? and Practice Note: GDPR compliance—lawful processing.
The table below compares the definition of consent under the pre-GDPR regime against the GDPR definition
**excludes LexisPSL Practice Compliance, Practice Management and Risk and Compliance. To discuss trialling these LexisPSL services please email customer service via our online form. Free trials are only available to individuals based in the UK. We may terminate this trial at any time or decide not to give a trial, for any reason. Trial includes one question to LexisAsk during the length of the trial.
To view the latest version of this document and thousands of others like it, sign-in to LexisPSL or register for a free trial.
Existing user? Sign-in
Take a free trial
Take a free trial
0330 161 1234