Professional Documents
Culture Documents
GDPR & Consent - An Essential Guide
GDPR & Consent - An Essential Guide
the GDPR:
An Essential
Guide
Everyone is talking about the General Data
Protection Regulation, and what it means
for business. Widely reported to be one of
the most heavily-lobbied pieces of European
Union legislation ever, the GDPR will go into
effect next year introducing a number of
compliance challenges that businesses will
need to overcome.
The net effect of this is that a number of global businesses that Ultimately, wherever you are based, if you are looking to do
were not previously within the scope of European data protection business in the EU then GDPR compliance will be essential.
rules will be caught by the GDPR and expected to comply with its
requirements from May 2018. The changes to consent
This includes businesses established in the UK. While the UK has One of the most talked about aspects of the GDPR is the changes
voted to leave the European Union, it will not do so before the it will introduce to the requirements for obtaining valid consent.
GDPR comes into effect. This means that all UK businesses will Under the current Data Protection Directive, an individual’s
WHITEPAPER
consent must be “freely given, specific and informed”. The GDPR enabling them to make choices about how and why their personal
amends this requirement to add that consent must now also be information will be used. Customers who feel in control of the data
“unambiguous”. Within the introductory recitals to the GDPR, it a business uses about them are likely to have higher levels of trust
explains that “consent should be given by a clear affirmative act … in that business – in turn, likely encouraging repeat customers
such as by a written statement, including by electronic means, or and growth into use of other products and services that the
an oral statement… Silence, pre-ticked boxes or inactivity should business offers.
not therefore constitute consent” (Recital 32).
One of the most talked mandates that businesses must include certain data protection
terms in their contracts with vendors. This will require most
GDPR is the changes compliant, data protection terms, while at the same time ensuring
their future vendors are also signed up to GDPR-compliant terms.
the requirements for that their vendors have signed up to GDPR-compliant terms.
obtaining valid consent. systems typically do not record the level of information necessary
WHITEPAPER
“Close it in the Cloud”, SecureFields, Stick-eTabs, PowerForms, “The fastest way to get a signature”, The No-Paper logo, Smart Envelopes, SmartNav, “DocuSign It!”, “The World
Works Better with DocuSign” and ForceFields are trademarks or registered trademarks of DocuSign, Inc. in the United States and or other countries. All other trademarks and