How to gather consent correctly under the GDPR?

By
Alex Franch
May 8, 2023

Table of Contents

There are two things that we need to consider when collecting personal information from somebody for marketing purposes.

  1. Making sure that we are collecting consent correctly
  2. Making sure we are showing the user the correct privacy information before processing their data.

Say we want users to subscribe to a newsletter or we want to send them some marketing communications. It looks something like asking for name, email, maybe some other data you need and then we have a checkbox. What we write in the text next to the checkbox and how we configure it is key to ensure we collect consent in a compliant way.

The rules around GDPR consent

ℹ️ Following GDPR, for consent to be valid it must be freely given, specific, informed, unambiguous and can be revoked.

To comply with this an individual must give clear affirmative action to the processing of their personal data For more checkout: GDPR Article 4(11)

The GDPR Consent Formula

We have created a formula to make sure that your forms are always compliant. The formula is:

By <clear affirmative action>, I consent to <Controller Name> processing my <personal data> for the purpose of <purpose for which we're collecting data>. You can unsubscribe at any time. For more information check our Privacy Policy (hyperlink to Privacy Policy).

GDPR Consent Real Life Example

“[  ] By checking the box, I consent to Privasee processing my email address and name for the purpose of sending a newsletter. You can unsubscribe at any time. For more information check our Privacy Policy.”

Now let’s break down how we are complying with regulation. Remember consent must be:

  • Freely given - the box is not pre-ticked.
  • Specific - we tell the user exactly what they are consenting to.
  • Informed - we are telling the individual what data we are using and for which exact purpose.
  • Unambiguous - we are telling the user an affirmative action and not using negation language that could confuse the user.
  • Can be revoked - we tell the user they can unsubscribe at any time and give them a way to do so.
  • A user can use Privasee’s privacy portal to request for consent to be withdrawn.
  • We will also include an unsubscribe button in all our communications with the individual.

Frequently Asked Questions - FAQ

What if I am collecting data to share with somebody else? For example, if I am an event looking to share information about attendees?

This answer is a work in progress - you can email us at support@privasee.io directly to get a response for your use-case!

What do I do if I need to collect consent for multiple purposes? For example, sending a marketing email but also sharing that data with another company?

This answer is a work in progress - you can email us at support@privasee.io directly to get a response for your use-case!

What if someone is signing up to my product, can I just assume that I can send them marketing material then?

This answer is a work in progress - you can email us at support@privasee.io directly to get a response for your use-case!

Alex Franch is the co-founder and CEO of Privasee. With a background in computer science and cybersecurity, it is no surprise that he is a highly analytical problem solver; now putting these skills to use within the data privacy space. Alex is passionate about GDPR, and productivity and spends a lot of time doing sports as he values the importance of having a work-life balance. He is excited to help businesses generate documentation, and become and maintain GDPR compliance through the Privasee platform.

Get Compliant in <1 Hour

Are you Fully GDPR Compliant?

Ensure your policies are always up to date with Privasee, an AI powered GDPR compliance solution that does it all.