What does the Information Commissioner say about GDPR?
The GDPR sets a high standard for consent, but the biggest change is what this means in practice for your consent mechanisms.
The GDPR is clearer that an indication of consent must be unambiguous and involve a clear affirmative action (an opt-in). It specifically bans pre-ticked opt-in boxes. It also requires distinct ("granular") consent options for distinct processing operations. Consent should be separate from other terms and conditions and should not generally be a precondition of signing up to a service.
You must keep clear records to demonstrate consent.
The GDPR gives a specific right to withdraw consent. You need to tell people about their right to withdraw, and offer them easy ways to withdraw consent at any time.
Public authorities, employers and other organisations in a position of power may find it more difficult to show valid freely given consent.
You need to review existing consents and your consent mechanisms to check they meet the GDPR standard. If they do, there is no need to obtain fresh consent.
What do we do about it?
The key phrase above is "granular". We will always attempt to answer your queries without requesting any unnecessary information. We have found that the majority of questions can be answered by reference to the articles in our Advanced or Help section. Where the queries are simple, we will refer enquirers there.
If an enquirer needs further help, we may ask for additional information to clarify the issue, but again without requesting anything unnecessary.
The case handling system we use is Zendesk, a well-established cloud-hosted CRM. You can read more about Zendesk and GDPR here.
Our case handlers will close a case and archive the information as soon as possible, and no later than 6 months from the first enquiry. The enquirer can, however, re-open a case after that, or close the case themselves at any time within the 6 months.