Consent
• Individuals must be informed of what their data is going to be used for, who will have access to it, where it will be stored and how long it will be held for • They must give their consent for their data to be used • Consent must be ‘ freely given, specific, informed and unambiguous ’ • Members cannot be forced into consent or unaware that they are giving consent • Obtaining consent requires a positive indication of agreement – it cannot be inferred through silence (not objecting), pre-ticked boxes or inactivity • Consent must be ‘ refreshed ’ – It cannot be deemed as indefinite • Consent must also be verifiable – Data Controllers must be able to demonstrate that consent was given and an audit trail should be maintained • ‘Legal Basis’ can be used to process information in the absence of consent in certain, very specific, circumstances • It must be easily possible for a person to withdraw their consent
Made with FlippingBook - Online catalogs