Showing results for 
Show  only  | Search instead for 
Did you mean: 
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Viewer II

GPDR Templates for Client Consent

2 Replies
Viewer II

Oops - clicked too soon.


Another post was for employee consent.  We are a US law firm looking for ideas for a template for client consent.  An example would be an EU citizen enlisting our firm to negotiate a property deal in the US.

Community Champion

Hi Patrick,


It's not a template, but it does have checklists, and ICO UK have other guidance on their site:


Templatizing this would make sense, remember no pre-checked tick boxes. 😉


Checklists Asking for consent

We have checked that consent is the most appropriate lawful basis for processing.

We have made the request for consent prominent and separate from our terms and conditions.

We ask people to positively opt in.

We don’t use pre-ticked boxes or any other type of default consent.

We use clear, plain language that is easy to understand.

We specify why we want the data and what we’re going to do with it.

We give individual (‘granular’) options to consent separately to different purposes and types of processing.

We name our organisation and any third party controllers who will be relying on the consent.

We tell individuals they can withdraw their consent.

We ensure that individuals can refuse to consent without detriment.

We avoid making consent a precondition of a service.

If we offer online services directly to children, we only seek consent if we have age-verification measures (and parental-consent measures for younger children) in place.

Recording consent

We keep a record of when and how we got consent from the individual.

We keep a record of exactly what they were told at the time.

Managing consent

We regularly review consents to check that the relationship, the processing and the purposes have not changed.

We have processes in place to refresh consent at appropriate intervals, including any parental consents.

We consider using privacy dashboards or other preference-management tools as a matter of good practice.

We make it easy for individuals to withdraw their consent at any time, and publicise how to do so.

We act on withdrawals of consent as soon as we can.

We don’t penalise individuals who wish to withdraw consent.