20 July 2018
When seeking to acquire informed consent the default solution tends to be that you can obtain a written consent from each and every customer. This is of course perfectly fine, if it is manageable. But even overcoming this task leaves the burden of gathering the consent documents and filing them, followed by ensuring the data is correct etc.
Remember, consent is just one of the ways in which processing data might be justified. Therefore, consider the processes that you are seeking consent to carry out, and look at alternative lawful bases.
If, for example, a library lends books to a member of the library, this could then be covered by ‘contract’. You could then either update the contract (thereby adding any additional needed provisions aside from GDPR consent) and have it signed by the library customers prior to lending new material, or have an addendum drafted.
It is also worth remembering that any function (such as the library example here), which fulfills tasks in the public interest, will be able to show it has legitimate interests as a controller and the processing is necessary.
There are useful guidelines for consent from WP29: https://iapp.org/resources/article/wp29-guidelines-on-consent/#
To find how our friendly and knowledgeable solicitors can help you, contact us today.
Make a free enquiry - Call now - 0151 659 1070
