Trending authentication is the process by which therennovationsspace station windowauthenticationbuilding renovationscoastal france from international space stationauthentication does what:gordon russell furniturelargest window in the worldthe process of proving that provided identity credentials are valid and correct is referred to as:new homes chipping nortonwindow lives space

Privacy consent request: how to adapt your website to the new GDPR

Do you already have a website and need to adapt it on the basis of the new GDPR regulation? Consent is one of the privacy obligations provided for by the GDPR and must be requested only in certain cases and respecting specific requirements to be valid. Here are the basic steps to adapt the privacy consent request to the new legislation.

Privacy consent request: how to adapt your website to the new GDPR

When should consent be requested on a website or app?

The privacy consent request must by law be given before the collection of personal data. By these, we mean any information that can identify users or can lead to their identity.

On the other hand, consent should not be requested when data is collected:

  • by a natural person for personal or domestic purposes only;
  • exclusively for the execution of a contract (e.g. delivery address for a purchased product);
  • by law / public utility (e.g. request for billing data);
  • to exercise a legitimate interest (e.g. defending oneself in court, some particular direct marketing activities);
  • in case you want to safeguard the vital interests of the data subject or of another natural person.

The user’s freedom of choice in giving authorization for the processing of personal data is fundamental. This means, for example, that it will not be possible to prevent the user from using a service if he does not grant authorization for a particular processing of his data (e.g. if you do not agree to receive the newsletter you cannot be updated). Furthermore, consent must be able to be granted and revoked at any time and with the utmost simplicity.

How to behave in practice for the privacy consent request

In practice, consent to the processing of personal data must be requested for:

  • purposes other than those of providing the service by the site (e.g.  marketing purposes);
  • the use of sensitive data (data relating to health, sexual, religious, political, racial or ethnic origin, trade union membership, as well as genetic data, biometric data, etc.);
  • the transfer of personal data to a non-EU country or international organization in the absence of an adequacy decision and adequate guarantees;
  • for an automated decision-making process (e.g. profiling)
  • for the communication or transfer of data to third parties (e.g. if the data must be sent to the consultant for an advertising campaign).

The simplest and most direct system for giving consent to its users is the presence of a check-box (a box) next to the link for the privacy policy. It is important that the check-box is not pre-filled (so-called reflagging) but that the user manually selects the box. The same check-box can no longer be used to obtain the consent of more information at the same time. Each check-box must relate to a single specific treatment. For example, you cannot use a single box to accept both terms and conditions and the privacy policy.

The owner of a website must keep track of each consent received in an electronic register, so as to be able to demonstrate when and how the user has given it. It must also verify that the consents collected prior to 25 May 2018 (the date of entry into force of the GDPR) comply with the conditions of the new GDPR regulation. If these are not compliant, they must be collected again.

New features of privacy consent according to the GDPR

The new GDPR Regulation (Article 4) establishes that consent means any manifestation of the user’s free, informed, specific and unequivocal will with which the latter authorizes the processing of their data.  This manifestation of the will must come about through an unequivocal positive statement or action.

FEATURES OF CONSENT
FREE IT MUST BE GIVEN FREELY WITHOUT INTIMIDATION OR FRAMING
SPECIFIC IT IS NOT VALID IF LOANED IN A GENERIC WAY
INFORMED THE INTERESTED PARTY MUST KNOW WHICH DATA WILL BE PROCESSED
UNEQUALABLE IT MUST BE SUCH AS TO EXCLUDE ANY UNCERTAINTY OR DOUBT
EXPLICIT MANIFESTED TO ES. THROUGH THE FILLING IN BY THE USER OF AN ELECTRONIC FORM
VERIFIABLE THE HOLDER MUST KEEP TRACK OF ALL CONSENT
REVOCABLE IT IS POSSIBLE TO REVOKE IT AT ANY TIME

How to create privacy documents updated to the GDPR?

You can customize and immediately download all the documents necessary to properly inform users by simply answering a few guided questions:

  • Privacy policy for website or app
  • Cookie policy for website
  • Register of personal data processing

In addition, our GDPR Websites Adjustment Consultancy allows you to adapt your site or app to all the necessary obligations provided for by the new European privacy regulation. Through a specific analysis we will show you the necessary steps to put all aspects of your site in order to comply with the GDPR and avoid penalties.