The European Union’s General Data Protection Regulation (the “GDPR”) goes into effect in a little over fourteen months and from a quick glance at our bullet points analysis you can see there is a lot to consider. One crucial aspect you need to be thinking about now is how your organization collects and manages consents from individuals for processing their personal information. Without a strong understanding of what valid consent means under the GDPR, before long you may find yourself holding valuable data that you are not able to process as you need to for your business.
To this end, the Information Commissioner’s Office (the “ICO”), the data protection authority for the UK, last week published a consultation draft of its GDPR consent guidance. This is a practical resource meant to help organizations get to grips with the GDPR’s consent requirements and align their internal procedures and processing activities, as well as their customer-facing websites, marketing materials, and product infrastructure. Although the UK ICO cannot speak for the other EU data protection authorities, they have a good track record of producing practical guidance set out in accessible language, which makes the ICO website a good first stop for US companies seeking to understand their obligations in the EU. We encourage you to review this helpful resource and provide feedback to the ICO using their comment form by March 31. We also offer this high-level snapshot of a few key points: Continue Reading It’s Not Too Early! ICO Guidance Regarding Consent Under GDPR