The ICO have released a more detailed guide to consent alongside its Guide to the GDPR ahead of changes set to take place on May 25th.
A common misconception is that all consents must be refreshed under the new regulations which isn’t true.
The guide states that it is not necessary for an organisation to refresh all of their consents, but it must be checked that all consents meet GDPR standards. Where consents do not meet standards organisations must then seek to refresh these, find a different lawful basis for processing or stop any processing.
The guide explains what counts as consent, and how and when consent should be obtained. Organisations must tell people that they have a right to withdraw consent and have means in place for dealing with these requests. Consent requests must be also be separate from other terms and conditions. Full details can be found in the guide.
