In a blog post from Jo Pedder, Interim Head of Policy and
Engagement, the ICO has announced the publication of its ‘first piece of
detailed topic-specific GDPR guidance’. The ‘GDPR consent draft guidance’ and
the related consultation document can be accessed here.
The consultation runs until 31 March 2017.
Jo Pedder said:
‘The basic concept of consent, and
its main role as one lawful basis (or condition) for processing, is not new.
However the GDPR does set a high standard for consent. It builds on the Data
Protection Act (DPA) standard of consent in a number of areas, and it contains
significantly more detail on both the standard and processes for consent.
Basing your processing of customer
data on GDPR-compliant consent means giving individuals genuine choice and
ongoing control over how you use their data, and ensuring your organisation is
transparent and accountable.’
The draft guidance sets out a recommended approach to
compliance and what counts as valid consent. It aims to provide practical help
to decide when to rely on consent, and when to look at alternatives. The ICO
aims to publish final guidance in May but states that the ‘timescale may be
affected if we need to take account of developments at the European level’.
A call for evidence on technical solutions for obtaining and
managing consent and agreed further guidelines from the Article 29 Working Party
are expected later in the year.