Page Contents

Answer

If the consent provided by a person prior to the General Data Protection Regulation (GDPR) is in line with the conditions of the GDPR, then there is no need to ask again for the individual’s consent. Your company/organisation has to make sure that the consent given before the GDPR meets the conditions set out in the GDPR.

Examples

No need for new consent

The GDPR will start to apply on 25 May 2018. You’ve recently reviewed your company/organisation's  privacy policy. You’ve checked that the consent within your organisation was gathered in writing and complied with all the requirements of the GDPR. In that case, you don’t need to ask your clients/customers for consent again in May 2018.

Need to obtain consent again

Your company/organisation obtained consent from clients a few years ago using a system of pre-ticked boxes online. It’s now clear that this manner of obtaining consent will not be valid as of 25 May 2018. Your company/organisation  will have to obtain consent again if it wishes to continue processing the data.

References

  • Articles 4(11) and 7 and Recital (171) of the GDPR
  • Article 29 Working Party Opinion on consent adopted on 28 November 2017