GPDR Templates for Client Consent

pheisinger — Tue, 27 Feb 2018 18:05:04 GMT

Re: GPDR Templates for Client Consent

pheisinger — Tue, 27 Feb 2018 18:08:25 GMT

Oops - clicked too soon.

Another post was for employee consent. We are a US law firm looking for ideas for a template for client consent. An example would be an EU citizen enlisting our firm to negotiate a property deal in the US.

Re: GPDR Templates for Client Consent

Early_Adopter — Wed, 28 Feb 2018 04:31:38 GMT

Hi Patrick,

It's not a template, but it does have checklists, and ICO UK have other guidance on their site:

https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/lawful-basis-for-processing/consent/

Templatizing this would make sense, remember no pre-checked tick boxes. 😉

Checklists Asking for consent

☐ We have checked that consent is the most appropriate lawful basis for processing.

☐ We have made the request for consent prominent and separate from our terms and conditions.

☐ We ask people to positively opt in.

☐ We don’t use pre-ticked boxes or any other type of default consent.

☐ We use clear, plain language that is easy to understand.

☐ We specify why we want the data and what we’re going to do with it.

☐ We give individual (‘granular’) options to consent separately to different purposes and types of processing.

☐ We name our organisation and any third party controllers who will be relying on the consent.

☐ We tell individuals they can withdraw their consent.

☐ We ensure that individuals can refuse to consent without detriment.

☐ We avoid making consent a precondition of a service.

☐ If we offer online services directly to children, we only seek consent if we have age-verification measures (and parental-consent measures for younger children) in place.

Recording consent

☐ We keep a record of when and how we got consent from the individual.

☐ We keep a record of exactly what they were told at the time.

Managing consent

☐ We regularly review consents to check that the relationship, the processing and the purposes have not changed.

☐ We have processes in place to refresh consent at appropriate intervals, including any parental consents.

☐ We consider using privacy dashboards or other preference-management tools as a matter of good practice.

☐ We make it easy for individuals to withdraw their consent at any time, and publicise how to do so.

☐ We act on withdrawals of consent as soon as we can.

☐ We don’t penalise individuals who wish to withdraw consent.

topic Re: GPDR Templates for Client Consent in Privacy

GPDR Templates for Client Consent

Re: GPDR Templates for Client Consent

Re: GPDR Templates for Client Consent