Using consent

Under GDPR, consent is one of the six lawful bases to process data and contact customers. The new definition of consent is more weighty, with two extra points to consider:

Consent is: “Any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.”

When you’re looking to get consent, as defined above, mail is recommended by the DMA as the channel to use. It is read, trusted and acted on.

Using legitimate interests

You may also want to look at whether your organisation can use legitimate interests to contact people. If you can establish legitimate interests, then you can keep talking to customers under opt out.

If you use legitimate interests, you’ll need to carry out an assessment and document it. The Information Commissioner’s Office (ICO) says an organisation must show the processing of data is necessary for the legitimate interests being persued, and is not overridden by the fundamental rights and freedoms of individuals.

For more information on consent and legitimate interests, download our free guide.

Get the guide to GDPR

Back to GDPR homepage