- Web forms
- Sign In page
- Email campaigns
- Telemarketing campaigns
Other
What information is being collected?
- Name
- Phone Number
- Address
- Other
Who is collecting it?
Why is it being collected?
How will it be used?
Who will it be shared with?
What will be the effect of this on the individuals concerned?
Is the intended use likely to cause individuals to object or complain?
How is this consent demonstrated?
- We keep a record of when and how we got consent from the individual.
- We keep a record of exactly what they were told at the time.
Where is consent recorded?
For example your CRM system, website etc
Managing Consent
- We regularly review consents to check that the relationship, the processing and the purposes have not changed.
- We have processes in place to refresh consent at appropriate intervals, including any parental consents.
- We consider using privacy dashboards or other preference-management tools as a matter of good practice.
- We make it easy for individuals to withdraw their consent at any time, and publicise how to do so.
- We act on withdrawals of consent as soon as we can.
- We don’t penalise individuals who wish to withdraw consent.
Are data subjects able to withdraw their consent for processing?
- No
- Yes
- Not Applicable
Do you have explicit consent for processing sensitive data?
- No
- Yes
- Not Applicable
Is personal data of children collected and processed?
- No
- Yes
- Not Applicable
Recommended Actions
Organisations should review how they seek, record and manage consent. Organisations need to assess whether the consents they hold are GDPR compliant and whether you need to make any changes. Businesses should refresh existing consents now if they do not meet the GDPR standard.
- Completed
- Not Applicable
- In Progress
You should start thinking now about whether you need to put systems in place to verify individuals’ ages and to obtain parental or guardian consent for any data processing activity
- Completed
- Not Applicable
- In Progress