GDPR Compliance Journey - 07 Consent

Gydeline
13 Apr 2018 · 05:59

Summary

TLDR: This video script discusses the importance of consent in the context of GDPR compliance. It outlines the necessary actions to ensure clear, explicit consent requests, including implementing a withdrawal process, maintaining detailed consent reports, and communicating consequences to data subjects. The script also highlights updates to online forms to improve transparency and explicit consent, while acknowledging the challenges of achieving full compliance with software and supplier limitations.

Takeaways

  • 📝 The video discusses the importance of consent in the context of GDPR compliance and outlines the actions taken to ensure compliance with these guidelines.
  • 🔍 The speaker highlights the need for clear and explicit consent requests when collecting personal data.
  • 📊 A report detailing when, where, and why consent was obtained is necessary to demonstrate compliance.
  • 📑 Contracts related to data handling must be communicated to data subjects to inform them of the legal basis for processing their data.
  • 🗣️ Data subjects should be informed about the consequences of giving or withdrawing consent in clear and plain language.
  • 🔑 Each consent request must be explicit and separate, ensuring users are not overwhelmed by bundled permissions.
  • 🛑 The ability for data subjects to withdraw their consent is a critical component of compliance and must be facilitated.
  • 🔄 Modifications to online forms and data collection methods have been made to enhance clarity and explicitness in consent requests.
  • 📧 A privacy statement link is now included in forms to inform users about how their data will be used and retained.
  • 📝 An agreement checkbox has been added to forms to ensure users specifically agree to the use of their information as described.
  • 🤔 Despite best efforts, achieving full compliance with GDPR can be challenging due to the need to align all software and suppliers with these standards.

Q & A

  • What is the main focus of the video script?

    -The main focus of the video script is discussing consent in the context of the General Data Protection Regulation (GDPR) and how the company has updated its processes and online forms to ensure compliance with GDPR requirements.

  • What are the four key areas highlighted by the guidelines software for handling consent?

    -The four key areas are: ensuring that consent requests are clear and explicit, being able to report on consent, providing information when asking for consent, and giving data subjects the ability to withdraw their consent.

  • How has the company updated its contact form to improve clarity regarding consent?

    -The company has added an agreement checkbox at the bottom of the contact form, so that individuals can specifically agree to the use of their information in response to their inquiry.

  • What changes were made to the document assessment form on the website to enhance consent clarity?

    -The new form explains what will be done with the information provided, such as sending results and information about free resources, and includes a link to the privacy statement along with an agreement checkbox for explicit consent.

  • What is the purpose of the subscribe form mentioned in the script?

    -The subscribe form is used to collect email addresses for subscription purposes. It has been updated to include a link to the privacy statement and to inform users about the retention of their email for future communications.

  • How does the company handle information from the free templates form?

    -The company has updated the free templates form to explain the reasons for collecting information and how it will be used. It includes a specific opt-in box to get the user's agreement and is transparent about data usage.

  • What challenges does the company face in achieving full compliance with GDPR?

    -The company faces challenges in aligning all of its software and suppliers with GDPR requirements, such as the inability to include specific consent information on the chat widget.

  • What steps is the company considering to address the challenges with the chat form?

    -The company is considering how to provide information to users and respond to them during a chat session to ensure they understand clearly and specifically what the information will be used for and how it will be retained after the chat ends.

  • What is the role of the privacy notice in the company's GDPR compliance strategy?

    -The privacy notice plays a crucial role in informing data subjects about how their information will be used, stored, and protected, and it will be updated to reflect the company's commitment to GDPR compliance.

  • What is the significance of the subject access request process in the context of consent?

    -The subject access request process is important for GDPR compliance as it allows data subjects to access their personal data and understand how it is being used, and it is part of the company's efforts to ensure transparency and control over personal data.

  • How does the video script conclude regarding the company's compliance journey?

    -The script concludes by stating that the changes made to the forms and the upcoming updates to the privacy notice and subject access request process will address the consent requirements under GDPR, aiming to simplify compliance for the company.

Outlines

00:00

📝 GDPR Consent Process and Online Form Modifications

This paragraph discusses the steps taken to ensure compliance with GDPR consent requirements. The speaker introduces the topic of consent and outlines the actions implemented, including creating a process for withdrawing consent, generating reports on consent acquisition, informing data subjects about contracts and consequences, and ensuring clear and plain language in consent requests. The focus is on making consent requests explicit and separate, with modifications made to online forms to improve clarity and explicitness. The speaker mentions the integration of an agreement checkbox in forms to secure explicit consent and the inclusion of privacy statement links for transparency. The paragraph concludes by acknowledging the challenges in achieving full compliance due to software and supplier inconsistencies.

05:01

🔍 Enhancing Transparency in User Consent and Data Handling

The second paragraph delves into the ongoing efforts to provide clear information to users about how their data will be used, particularly in the context of chat forms where it's challenging to include specific consent information. The speaker discusses the strategy to ensure users understand what data is collected during a chat, its intended use, and the retention policy post-chat session. The paragraph also references upcoming updates to the privacy notice and subject access request process to further align with GDPR consent requirements. The summary emphasizes the importance of transparency and the continuous journey towards compliance, aiming to simplify the process for the audience.

Keywords

💡Consent

Consent is an agreement to allow something to happen or to do a particular thing. In the context of the video, it refers to the permission granted by individuals for an organization to process their personal data. The video emphasizes the importance of obtaining explicit consent and modifying online forms to reflect this requirement, such as adding an agreement checkbox on a contact form.

💡Data Protection

Data protection is the process of safeguarding the privacy and integrity of data. The video script discusses actions taken to ensure compliance with data protection regulations, particularly in the context of obtaining and managing consent. It highlights the need for clear and explicit requests for consent to align with data protection guidelines.

💡GDPR

GDPR stands for General Data Protection Regulation, a regulation in EU law that focuses on data protection and privacy for individuals within the European Union. The video discusses compliance with the GDPR, especially in relation to consent, indicating the importance of explicit consent and the ability for data subjects to withdraw it.

💡Data Subject

A data subject is an individual who is the subject of personal data. In the video, the term is used to describe the individuals whose consent is being discussed. The script mentions informing data subjects about contracts related to their data and the consequences of giving or withdrawing consent.

💡CRM System

CRM stands for Customer Relationship Management. It refers to a system used to manage interactions with current and potential customers. The script mentions that the time of submission and the fact that the opt-in box has been clicked are recorded in the CRM system, which can be reported on to demonstrate consent.

💡Opt-in

Opt-in is a term used to describe a consent-based mechanism where individuals voluntarily agree to receive something, such as emails or communications. The video script describes the implementation of an opt-in checkbox on forms to ensure explicit consent from users before collecting their data.

💡Data Minimization

Data minimization is a principle in data protection that involves collecting and retaining only the minimum amount of data necessary for a specific purpose. The script mentions being happy with the basic information collected on a form from a data minimization perspective.

💡Privacy Statement

A privacy statement is a document that informs users about an organization's privacy practices, including what data is collected, how it is used, and how it is protected. The video script discusses updating the privacy statement and providing a link to it on forms to ensure transparency and compliance with consent requirements.

💡Retention Policy

A retention policy is a set of rules that specifies how long data should be kept and when it should be deleted. The script refers to a retention policy that dictates the deletion of certain information, such as names or addresses, in line with compliance efforts.

💡Subject Access Request

A subject access request is a request made by an individual to obtain personal data held about them by an organization. The video script mentions the process around subject access requests as part of the compliance journey, indicating the need for a clear process for data subjects to withdraw their consent.

💡Compliance

Compliance refers to the act of conforming to a set of rules, such as regulations or standards. The video script is focused on compliance with data protection regulations, specifically the GDPR, and the various actions taken to ensure that the organization's processes and forms are in line with these requirements.

Highlights

Introduction to the GDPR compliance journey focusing on consent.

Implementation of a process to withdraw consent as part of compliance actions.

Creation of a report detailing the circumstances of consent acquisition.

Informing data subjects about related contracts when consent is obtained.

Explanation of the consequences of consent to data subjects in clear language.

Ensuring each consent request is explicit and separate.

Four key areas identified for compliance: clarity in consent requests, reporting, privacy notice, and consent withdrawal.

Modification of online forms for clarity and explicit consent requests.

Inclusion of an agreement checkbox in forms for explicit user consent.

Update of the document assessment form to explain information usage and provide a privacy statement link.

Subscription form updates to inform users about information retention and privacy policy.

Free templates form revised to clarify information collection purposes and consent.

Challenges in achieving full compliance with GDPR due to software and supplier limitations.

Consideration of how to handle consent information in chat forms.

Plans to provide clear information and consent explanations during chat sessions.

Upcoming updates to the privacy notice and subject access request process to enhance compliance.

Conclusion emphasizing the importance of compliance with GDPR consent requirements.

Transcripts

00:00 [Music]
00:03 hello and welcome back to the Gydeline
00:06 GDPR compliance journey this time we are
00:10 talking about consent and I thought we
00:12 would jump straight in to the guidelines
00:14 software and take a look at the actions
00:16 we had around consent so as we can see
00:24 we had a number of actions to complete
00:26 on consent so we had to implement a
00:30 process to withdraw consent create a
00:33 report that details where when and why
00:36 consent was obtained tell the data
00:39 subject about any related contracts
00:42 explain to data subjects the
00:43 consequences of consent and make sure
00:46 it's in clear and plain language and
00:49 just a little lower make each request
00:52 explicit and separate so the actions
00:56 highlighted by the guidelines software
00:59 they're really break down into four
01:02 areas firstly we need to make sure that
01:04 when we ask for information and request
01:07 consent that it's very clear and that
01:10 it's explicit secondly we need to be
01:13 able to report on consent now the
01:17 information that we collect goes into
01:19 our CRM system and the time of
01:22 submission and the fact that the opt-in
01:24 box has been clicked is recorded and
01:27 we're able to run that as a report I'm
01:30 not going to show that in this video
01:32 because clearly there is personal
01:34 information in that repository and I
01:35 don't want to expose any of that and
01:38 thirdly we need to provide information
01:40 when we asking for consent we'll come on
01:44 to that in the next video when we talk
01:45 about our privacy notice and finally we
01:49 need to give a the ability for data
01:52 subjects to withdraw their consent and
01:54 again we'll come on to that in a future
01:56 video when we talk about subject access
01:58 requests and the process that we've put
02:00 around that but for now let's take a
02:03 look at how we've modified our online
02:06 presence and our forms and the way that
02:08 we collect data to make them more clear
02:11 and more explicit
02:13 so firstly let's look at our contact
02:16 form on the left hand side of the screen
02:19 you can see our old form which just
02:21 collected some basic information so we
02:24 were happy with that from a data
02:26 minimization perspective but perhaps it
02:29 could have been clearer in asking for
02:33 consent so you'll see we've added an
02:36 agreement check box at the bottom of
02:38 this form so that people asking for
02:41 information can specifically agree that
02:45 we will use our information to respond
02:48 to them we have a document assessment
02:52 form on our website which enables
02:54 customers to see if they have the right
02:56 level of GDPR documentation and again
02:59 the old form just had some basic
03:02 information to be able to send an email
03:03 to somebody what we've done now on the
03:06 new form is to update it to explain what
03:10 we're going to do with the information
03:11 so we're going to send them their
03:13 results and we'll also tell about free
03:16 resources a guideline and we've also
03:18 provided a link to our privacy statement
03:20 and once again we have an agreement
03:22 checkbox so that users can specifically
03:26 indicate that they are happy for us to
03:28 use the information in the way that
03:30 we've described I run subscribe form is
03:36 very limited but again we thought it was
03:39 best practice to include link to the
03:42 privacy statement and to tell those
03:44 users what we're going to do with the
03:47 information that we have so we're going
03:48 to keep a copy of the email to make sure
03:51 we don't send anything in future but
03:54 also any other information such as their
03:56 name or address that we may have had we
03:59 will be deleting that in line with the
04:01 retention policy that we have we have a
04:05 free templates form and this had no
04:08 information on it so we've updated that
04:11 to give the reasons that we're
04:13 collecting the information and what
04:14 we're going to use it for and again
04:17 you'll see we have the specific opt-in
04:19 box to get somebody's agreement
04:24 but being very open and honest it's not
04:28 always easy to be completely compliant
04:31 with the GDPR because whilst we might be
04:34 making our best efforts it's sometimes
04:36 difficult to get all of our software and
04:40 our suppliers in line so really just
04:42 wanted to you know highlight this
04:45 because we know many of our customers
04:46 are having similar issues in achieving
04:49 full compliance so we have a chat form
04:52 and it's not possible on that chat
04:56 widget for us to put any specific
04:58 consent information or to explain what
05:00 we're going to do with that information
05:01 so as part of our work on consent we are
05:06 thinking about how we provide
05:08 information to the user how we respond
05:11 to the user if they start a chat to make
05:13 sure that they understand very clearly
05:15 and very specifically what we're using
05:17 the information for and where it might
05:21 go and how we might use and retain it
05:23 after that chat session has ended so not
05:27 waste rate word for words on consent but
05:29 we think with the changes we've made on
05:31 the forms and with the updated privacy
05:35 notice that will be turning about next
05:36 week or next time and the updated
05:39 subject access request process that we
05:42 will have answered on all the areas we
05:45 need to do to become compliant with the
05:47 consent requirements under the GDPR so
05:50 that's it for this time
05:51 I hope you found that useful and until
05:53 next time we hope you find your
05:55 compliance simple
