Monday, December 23, 2024

GDPR Compliance and Best Practices


The European Union’s General Data Protection Regulation (GDPR) sets a high standard for consent. Consent means offering people genuine choice and control over how their data is used.

The GDPR definition of consent is “any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.”

It must be freely given, specific, informed, and there must be an indication signifying agreement. It must be unambiguous and involve a clear affirmative action. Various conditions for consent include keeping of records, clarity and prominence of consent requests, the right to withdraw consent and avoiding making consent a condition of a contract. There must exist clear granular choices for people upfront and ongoing control over consent.

Consent is one lawful basis for processing, but there are alternatives. Marketers should always select the lawful basis that most closely reflects the true nature of their relationship with individuals and the purpose of the processing. If consent is difficult, it may be because another lawful basis is more appropriate.

So, what are the alternatives to consent for processing personal data?

  1. A contract with the individual. For example, to supply goods or services they have requested, or to fulfill obligations under an employment contract. This also includes steps taken at a person’s request before entering into a contract.
  2. Compliance with a legal obligation. If required by UK or EU law to process the data for a particular purpose.
  3. Vital interests. If necessary to protect someone’s life. T
  4. A public task. To carry out your official functions or a task in the public interest – and a legal basis for processing under UK law exists.
  5. Legitimate interests. Private-sector organizations can process personal data without consent if there exists a genuine and legitimate reason (including commercial benefit), unless this is outweighed by harm to the individual’s rights and interests.

Private-sector organizations will often be able to consider the “legitimate interests” basis if they find it hard to meet the standard for consent and no other specific basis applies. This recognizes that there may be a good reason to process someone’s personal data without their consent – but marketers must ensure there is no unwarranted impact on the data subjects and that the process is fair, transparent and accountable.

Public bodies cannot generally rely on legitimate interests under the GDPR, but may be able to consider the “public task” basis instead.

Relevant guidance sets forth when to rely upon consent for processing and when to look at alternatives. In a recent blog post entitled “GDPR Consent and the Legitimate Interest Alternative,” FTC defense lawyer Richard Newman examines opt-in consent requirements, recordkeeping obligations and additional bases for processing information of EU residents, including the legitimate interest justification.

Consult the author to discuss updating privacy policies and related disclosures in light of emerging regulatory requirements.

Richard B. Newman is an advertising compliance and regulatory defense attorney at Hinch Newman LLP.

ADVERTISING MATERIAL. Informational purposes only. Not legal advice. Always seek the advice of an attorney. Previous case results do not guarantee similar future result. Hinch Newman LLP | 40 Wall St., 35th Floor, New York, NY 10005 | (212) 756-8777.

Richard B. Newman (http://www.hinchnewman.com)
Richard B. Newman is an Internet Lawyer at Hinch Newman LLP focusing on advertising law, Internet marketing compliance, regulatory defense and digital media matters. His practice involves conducting legal compliance reviews of advertising campaigns across all media channels, regularly representing clients in high-profile investigative proceedings and enforcement actions brought by the Federal Trade Commission and state attorneys general throughout the country, advertising and marketing litigation, advising on email and telemarketing best practice protocol implementation, counseling on eCommerce guidelines and promotional marketing programs, and negotiating and drafting legal agreements.
