It’s time to bid adieu to the pre-ticked consent boxes on your housing association’s forms - the ones that permit you to process an individual’s personal data.
That’s because on May 25th, when the EU’s General Data Protection Regulation (GDPR) comes into effect, those little pre-ticked boxes (and other default opt-in settings) will no longer be allowed to be used when it comes to obtaining people’s consent to process their personal data.
Instead, your organisation will have to change the way you obtain an individual’s consent.
In a bid to give individuals more control over how their personal data is used, the EU has made getting consent a more rigorous yet more transparent process.
As 3C Consultants’ Managing Director Colin Sales reveals in this video, it’s vital for landlords to familiarise themselves with the implications of the changes.
For instance, the way in which your organisation gets an individual’s consent to process their data must be prominent, concise, separate from other terms and conditions, and easy to understand.
The name of your organisation must appear on the consent form. So should the reason you want the personal data and how you intend to use it. This will apply to employees, suppliers and tenants.
The consent must be specific. In other words, vague or blanket consent won’t be enough. If necessary, your organisation will have to get separate consent for separate things.
Under GDPR, your organisation must be able to prove it has a lawful reason for collecting and processing the personal data of tenants, employees and suppliers.
The GDPR states that organisations must meet one of six conditions (including getting consent) for the processing of personal data. If getting consent is too difficult, your organisation must meet with one of the other five conditions. They are:
But if obtianing consent is the route your organisation will choose, it’s important to get the process right. Getting the consent process wrong could leave your organisation open to sanctions or even hefty fines, warns Colin.
Get it right, and you’ll not only put your clients in control of their data, but also help to build their trust and engagement with your organisation, he adds.
If you need help or would like to discuss any issue that this GDPR video series raises, please call us now on 0333 900 3003.