GDPR Compliance Journey - 07 Consent
Summary
TLDRThis video script discusses the importance of consent in the context of GDPR compliance. It outlines the necessary actions to ensure clear, explicit consent requests, including implementing a withdrawal process, maintaining detailed consent reports, and communicating consequences to data subjects. The script also highlights updates to online forms to improve transparency and explicit consent, while acknowledging the challenges of achieving full compliance with software and supplier limitations.
Takeaways
- 📝 The video discusses the importance of consent in the context of GDPR compliance and outlines the actions taken to ensure compliance with these guidelines.
- 🔍 The speaker highlights the need for clear and explicit consent requests when collecting personal data.
- 📊 A report detailing when, where, and why consent was obtained is necessary to demonstrate compliance.
- 📑 Contracts related to data handling must be communicated to data subjects to inform them of the legal basis for processing their data.
- 🗣️ Data subjects should be informed about the consequences of giving or withdrawing consent in clear and plain language.
- 🔑 Each consent request must be explicit and separate, ensuring users are not overwhelmed by bundled permissions.
- 🛑 The ability for data subjects to withdraw their consent is a critical component of compliance and must be facilitated.
- 🔄 Modifications to online forms and data collection methods have been made to enhance clarity and explicitness in consent requests.
- 📧 A privacy statement link is now included in forms to inform users about how their data will be used and retained.
- 📝 An agreement checkbox has been added to forms to ensure users specifically agree to the use of their information as described.
- 🤔 Despite best efforts, achieving full compliance with GDPR can be challenging due to the need to align all software and suppliers with these standards.
Q & A
What is the main focus of the video script?
-The main focus of the video script is discussing consent in the context of the General Data Protection Regulation (GDPR) and how the company has updated its processes and online forms to ensure compliance with GDPR requirements.
What are the four key areas highlighted by the guidelines software for handling consent?
-The four key areas are: ensuring that consent requests are clear and explicit, being able to report on consent, providing information when asking for consent, and giving data subjects the ability to withdraw their consent.
How has the company updated its contact form to improve clarity regarding consent?
-The company has added an agreement checkbox at the bottom of the contact form, so that individuals can specifically agree to the use of their information in response to their inquiry.
What changes were made to the document assessment form on the website to enhance consent clarity?
-The new form explains what will be done with the information provided, such as sending results and information about free resources, and includes a link to the privacy statement along with an agreement checkbox for explicit consent.
What is the purpose of the subscribe form mentioned in the script?
-The subscribe form is used to collect email addresses for subscription purposes. It has been updated to include a link to the privacy statement and to inform users about the retention of their email for future communications.
How does the company handle information from the free templates form?
-The company has updated the free templates form to explain the reasons for collecting information and how it will be used. It includes a specific opt-in box to get the user's agreement and is transparent about data usage.
What challenges does the company face in achieving full compliance with GDPR?
-The company faces challenges in aligning all of its software and suppliers with GDPR requirements, such as the inability to include specific consent information on the chat widget.
What steps is the company considering to address the challenges with the chat form?
-The company is considering how to provide information to users and respond to them during a chat session to ensure they understand clearly and specifically what the information will be used for and how it will be retained after the chat ends.
What is the role of the privacy notice in the company's GDPR compliance strategy?
-The privacy notice plays a crucial role in informing data subjects about how their information will be used, stored, and protected, and it will be updated to reflect the company's commitment to GDPR compliance.
What is the significance of the subject access request process in the context of consent?
-The subject access request process is important for GDPR compliance as it allows data subjects to access their personal data and understand how it is being used, and it is part of the company's efforts to ensure transparency and control over personal data.
How does the video script conclude regarding the company's compliance journey?
-The script concludes by stating that the changes made to the forms and the upcoming updates to the privacy notice and subject access request process will address the consent requirements under GDPR, aiming to simplify compliance for the company.
Outlines
📝 GDPR Consent Process and Online Form Modifications
This paragraph discusses the steps taken to ensure compliance with GDPR consent requirements. The speaker introduces the topic of consent and outlines the actions implemented, including creating a process for withdrawing consent, generating reports on consent acquisition, informing data subjects about contracts and consequences, and ensuring clear and plain language in consent requests. The focus is on making consent requests explicit and separate, with modifications made to online forms to improve clarity and explicitness. The speaker mentions the integration of an agreement checkbox in forms to secure explicit consent and the inclusion of privacy statement links for transparency. The paragraph concludes by acknowledging the challenges in achieving full compliance due to software and supplier inconsistencies.
🔍 Enhancing Transparency in User Consent and Data Handling
The second paragraph delves into the ongoing efforts to provide clear information to users about how their data will be used, particularly in the context of chat forms where it's challenging to include specific consent information. The speaker discusses the strategy to ensure users understand what data is collected during a chat, its intended use, and the retention policy post-chat session. The paragraph also references upcoming updates to the privacy notice and subject access request process to further align with GDPR consent requirements. The summary emphasizes the importance of transparency and the continuous journey towards compliance, aiming to simplify the process for the audience.
Mindmap
Keywords
💡Consent
💡Data Protection
💡GDPR
💡Data Subject
💡CRM System
💡Opt-in
💡Data Minimization
💡Privacy Statement
💡Retention Policy
💡Subject Access Request
💡Compliance
Highlights
Introduction to the GBBR compliance journey focusing on consent.
Implementation of a process to withdraw consent as part of compliance actions.
Creation of a report detailing the circumstances of consent acquisition.
Informing data subjects about related contracts when consent is obtained.
Explanation of the consequences of consent to data subjects in clear language.
Ensuring each consent request is explicit and separate.
Four key areas identified for compliance: clarity in consent requests, reporting, privacy notice, and consent withdrawal.
Modification of online forms for clarity and explicit consent requests.
Inclusion of an agreement checkbox in forms for explicit user consent.
Update of the document assessment form to explain information usage and provide a privacy statement link.
Subscription form updates to inform users about information retention and privacy policy.
Free templates form revised to clarify information collection purposes and consent.
Challenges in achieving full compliance with GDPR due to software and supplier limitations.
Consideration of how to handle consent information in chat forms.
Plans to provide clear information and consent explanations during chat sessions.
Upcoming updates to the privacy notice and subject access request process to enhance compliance.
Conclusion emphasizing the importance of compliance with GDPR consent requirements.
Transcripts
[Music]
hello and welcome back to the guideline
gbbr compliance journey this time we are
talking about consent and I thought we
would jump straight in to the guidelines
software and take a look at the actions
we had around consent so as we can see
we had a number of actions to complete
on consent so we had to implement a
process to withdraw consent create a
report that details where when and why
consent was obtained tell the data
subject about any related contracts
explain to data subjects the
consequences of consent and make sure
it's in clear and plain language and
just a little lower make each request
explicit and separate so the actions
highlighted by the guidelines software
they're really break down into four
areas firstly we need to make sure that
when we ask for information and request
consent that it's very clear and that
it's explicit secondly we need to be
able to report on consent now the
information that we collect goes into
our CRM system and the time of
submission and the fact that the opt-in
box has been clicked is recorded and
we're able to run that as a report I'm
not going to show that in this video
because clearly there is personal
information in that repository and I
don't want to expose any of that and
thirdly we need to provide information
when we asking for consent we'll come on
to that in the next video when we talk
about our privacy notice and finally we
need to give a the ability for data
subjects to withdraw their consent and
again we'll come on to that in a future
video when we talk about subject access
requests and the process that we've put
around that but for now let's take a
look at how we've modified our online
presence and our forms and the way that
we collect data to make them more clear
and more explicit
so firstly let's look at our contact
form on the left hand side of the screen
you can see our old form which just
collected some basic information so we
were happy with that from a data
minimization perspective but perhaps it
could have been clearer in asking for
consent so you'll see we've added an
agreement check box at the bottom of
this form so that people asking for
information can specifically agree that
we will use our information to respond
to them we have a document assessment
form on our website which enables
customers to see if they have the right
level of GDP our documentation and again
the old form just had some basic
information to be able to send an email
to somebody what we've done now on the
new form is to update it to explain what
we're going to do with the information
so we're going to send them their
results and we'll also tell about free
resources a guideline and we've also
provided a link to our privacy statement
and once again we have an agreement
checkbox so that users can specifically
indicate that they are happy for us to
use the information in the way that
we've described I run subscribe form is
very limited but again we thought it was
best practice to include link to the
privacy statement and to tell those
users what we're going to do with the
information that we have so we're going
to keep a copy of the email to make sure
we don't send anything in future but
also any other information such as their
name or address that we may have had we
will be deleting that in line with the
retention policy that we have we have a
free templates form and this had no
information on it so we've updated that
to give the reasons that we're
collecting the information and what
we're going to use it for and again
you'll see we have the specific opt-in
box to get somebody's agreement
but being very open and honest it's not
always easy to be completely compliant
with the gdpr because whilst we might be
making our best efforts it's sometimes
difficult to get all of our software and
our suppliers in line so really just
wanted to you know highlight this
because we know many of our customers
are having similar issues in achieving
full compliance so we have a chat form
and it's not possible on that chat
widget for us to put any specific
consent information or to explain what
we're going to do with that information
so as part of our work on consent we are
thinking about how we provide
information to the user how we respond
to the user if they start a chat to make
sure that they understand very clearly
and very specifically what we're using
the information for and where it might
go and how we might use and retain it
after that chat session has ended so not
waste rate word for words on consent but
we think with the changes we've made on
the forms and with the updated privacy
notice that will be turning about next
week or next time and the updated
subject access request process that we
will have answered on all the areas we
need to do to become compliant with the
consent requirements under the gdpr so
that's it for this time
I hope you found that useful and until
next time we hope you find your
compliance simple
Browse More Related Video
![](https://i.ytimg.com/vi/W5D2gkbzQNk/hq720.jpg)
GDPR Compliance Journey - 03 Data Mapping
![](https://i.ytimg.com/vi/AEW7xVkKeNU/hq720.jpg)
GDPR Compliance Journey - 08 Privacy Notice
![](https://i.ytimg.com/vi/i-IXNr9u2-w/hq720.jpg)
GDPR Compliance Journey - 14 Process Documentation
![](https://i.ytimg.com/vi/3IDnuvs0kNs/hq720.jpg?v=65e1ef52)
How to Implement GDPR Part 2 :Roadmap for Implementation
![](https://i.ytimg.com/vi/Wu3xSSlx_uQ/hq720.jpg)
Google Consent Mode v2 Komplettguide (deutsch) - Alles was du JETZT wissen musst!
![](https://i.ytimg.com/vi/uHi5MflEVnA/hq720.jpg)
Profilazione diretta e indiretta
5.0 / 5 (0 votes)