By
Alex Franch
May 19, 2023
If you now want to use someone’s data for a different purpose from what you originally gathered consent for, you need to refresh that consent.
For example, if you gathered consent to send people marketing emails and you now want to use that data for a different purpose, you must ask for consent again.
While there's no strict time limit to the validity of the consent given by a user, the ICO recommends that consent be refreshed every 2 years.
That said, we need to consider the context in which consent is given and what the individual would expect. If you tell a user that you will be processing their data for the next 3 events they will attend, then they will not expect you to process their data after that. In this scenario, the individual is not likely to expect you to continue processing their data so refreshing consent would be necessary.
Consent for placing cookies on someone’s device is different. Again no strict requirement is in place but there are strong recommendations by the French and Irish regulators that cookie consent should be refreshed every 6 months.
That is the default setting for Privasee’s cookie banner.
In that case, you can't use their data at all, therefore there's no consent to refresh.
We’ve not developed this section of the blog yet! If you’d like our insight, feel free to reach out to support@privasee.io and reference this blog. We’ll be delighted to help you with this!
Ensure your policies are always up to date with Privasee, an AI powered GDPR compliance solution that does it all.