COOKIE NOTICE: 3C Consultancy uses cookies to store information on your computer, in order to improve your experience when using our website. One of the cookies we use is essential for parts of the site to operate and has already been set. You may delete and block all cookies from this site (using your browser), but parts of the site may not work. To find out more about the cookies we use and how to delete them, Read More.

Call us: 0333 900 3003

Why Pre-Ticked Boxes Will Become A No-No on May 25th

It’s time to bid adieu to the pre-ticked consent boxes on your housing association’s forms - the ones that permit you to process an individual’s personal data.

That’s because on May 25th, when the EU’s General Data Protection Regulation (GDPR) comes into effect, those little pre-ticked boxes (and other default opt-in settings) will no longer be allowed to be used when it comes to obtaining people’s consent to process their personal data.

Instead, your organisation will have to change the way you obtain an individual’s consent.

In a bid to give individuals more control over how their personal data is used, the EU has made getting consent a more rigorous yet more transparent process.

As 3C Consultants’ Managing Director Colin Sales reveals in this video, it’s vital for landlords to familiarise themselves with the implications of the changes.


For instance, the way in which your organisation gets an individual’s consent to process their data must be prominent, concise, separate from other terms and conditions, and easy to understand.

The name of your organisation must appear on the consent form. So should the reason you want the personal data and how you intend to use it. This will apply to employees, suppliers and tenants.

The consent must be specific. In other words, vague or blanket consent won’t be enough. If necessary, your organisation will have to get separate consent for separate things.

Under GDPR, your organisation must be able to prove it has a lawful reason for collecting and processing the personal data of tenants, employees and suppliers.

The GDPR states that organisations must meet one of six conditions (including getting consent) for the processing of personal data. If getting consent is too difficult, your organisation must meet with one of the other five conditions. They are:

  • Processing the data is necessary for the performance of a contract to which the individual is a party
  • Processing the data is necessary for the organisation to be legally compliant
  • Processing the data is necessary to protect the interests of the individual
  • Processing the data is necessary for the performance of a task carried out in the public interest or the exercise of official authority vested in the organisation
  • Processing the data is necessary for the legitimate interests pursued by the organisation (except where they are overridden by the interests or fundamental rights and freedoms of the individual which require the protection of personal data).

But if obtianing consent is the route your organisation will choose, it’s important to get the process right. Getting the consent process wrong could leave your organisation open to sanctions or even hefty fines, warns Colin.

Get it right, and you’ll not only put your clients in control of their data, but also help to build their trust and engagement with your organisation, he adds.

If you need help or would like to discuss any issue that this GDPR video series raises, please call us now on 0333 900 3003.