GDPR

How does consent work?

359 views December 7, 2017 Support 6

The process of consent consists of a few different parts; purpose, legal base, source and the option to withdraw consent.

Technically, you use eMarketeer to:

  • Store contact information, imported from other systems
  • Collect more contact data through web forms
  • Send emails and SMS for various purposes

This means that the information you store actually belongs to your contacts (data subject) and that information is used to communicate with the contacts. GDPR is giving the individual contact more control over the information you store about him/her and GDPR also determines how the communication between you and the person (data subject) should be commenced.

Purpose

The most important part of consent is about defining different purposes and by what right you can perform them.
eMarketeer has these purposes by default.

  • Store data – to keep information of data subjects in a secure place, in this case, eMarketeer.
  • Emarketing – to send emails and SMS to these contacts.
  • Profiling – to use contact information that shows interests, behavior etc, for segmenting or personalization.

Each Purpose Needs a Legal base

By which right do you have to perform the above-mentioned purposes? For each one of the purposes, you then need to add a “legal base.” A legal base can be one of the following:

  • Consent
  • Legitimate interest
  • Contract
  • Required by law
  • Protect vital interests
  • Public interests

The most relevant legal bases for most marketers are “consent” and “legitimate interest”, so let’s look at these a little closer.

Legal Bases – Consent and Legitimate Interest

GDPR states that to have consent, you need the data subject to opt-in by an “unambiguous” and “clear affirmative” action. Congratulations! You now have consent to send that marketing email or storing the data you need. But does this mean that you need a data subject’s clear affirmative action for all your purposes? No.

Say hello to “Legitimate interest”! It’s not your “get out of jail”- card, but it does make GDPR a little bit less scary. This legal base, legitimate interest, allows you to, for example, communicate with the data subject without explicit consent – if the data subject expects you to do so.

Examples:

  • If a person is a customer of yours, the customer expects you to store the data he/she gave you. It is in both of your interests that you do so. This is legitimate interest.
  • If a customer registered to your event, the customer expects you to send information about the event they registered to – Legitimate interest.
  • You have customers and you need to reach out with relevant service information to them? Legitimate interest.

This is, of course, a grey zone so it’s important to know how to apply legitimate interest; if the action you perform is in the interest of the data subject, you can claim Legitimate Interest.

    • GDPR requires a clear relationship, genuine mutual interest, a balance of interests, expected and appropriate processing, and without infringement, of individual rights and freedoms of the individual.

How to Set a Legal Base for Each Purpose

Remember that we need a legal base for each one of the purposes. Normally, it looks something like this:

  • Store data = Legitimate interest. You store the contact data because it is in both your and the subjects interest. Storing data, however, does not mean you can market to them.
  • E-marketing = Consent. For marketing (selling) you will need an explicit consent unless you can prove legitimate interest.
  • Profiling = Consent. Same as e-marketing.

 

Tip!

If you collect contact data digitally through web forms, always have a consent checkbox which clearly states how you will use the information. This way you will get an explicit consent which is a stronger legal base than legitimate interest.

Source

Additionally, when you set a consent, you always need to add the source of the consent. This could be “web form,” “added by user,” or similar. This, plus any additional information that can be provided as proof of the consent, should be added.

Withdraw consent

Regardless of which legal base you set for your purposes, the subject can always withdraw their consent and you need to provide an easy way to do so.

 

Was this helpful?