Blog » DO NOT SCORE OWN GOAL WITH GDPR – DO YOU ALWAYS NEED CONSENT?
DO NOT SCORE OWN GOAL WITH GDPR – DO YOU ALWAYS NEED CONSENT?
28 May 2018
Do you need re-confirmation of client consent already given in each case because of the GDPR? Before sending thousands of e-mails to clients in your database to obtain their consent again, read our article to avoid throwing the baby out with the bath water!
During last week, as the D-Day of GDPR has been coming closer I received dozens of e-mails from on-line shops, hotels, travel agencies, consultancy firms and the like where I had on-line client account in the past years.
Needless to say, the second approach was more attractive for me. In case of the first type of e-mail, I thought twice whether I really need to maintain my on-line client account before clicking and renewing my consent.
Surveys show that I am not alone with this, and providers who are sending e-mails seeking re-confirmation of consent because of GDPR, face a very low response rate from their clients.
So the question is, which approach should you choose if you would like to be GDPR compliant?
Consent as legal basis
Those, who are seeking the re-confirmation of the consent already given are either unaware of the fact that consent is only one out of the six (6) other legal bases allowed by the GDPR that can serve as valid ground for processing personal data, or they interpret the Regulation too strictly in my opinion.
These data controllers, who are founding the data processing on the consent of data subjects as a legal basis, can easily score an own goal.
Given that “consent” means an activity from the data subject, a not answering customer “says no” to the data processing. This means that you have to stop the sending of any other on-line material, and you shall delete the customer’s on-line account.
Are you sure you want to let this happen?
Legitimate interest as a legal basis
Besides “consent” there is another legal basis which can be a valid ground for processing personal data: the legitimate interest of the data controller company.
This can be a valid ground for data processing, if the data processing is really necessary for the company to pursue its legitimate interest, and these interests are not overridden by the data subject’s fundamental rights.
Consent vs Legitimate interest
It is true that seeking consent is simply and you can do it by sending e-mails, without the involvement of a data protection expert.
At the same time, choosing the legitimate interest as a legal basis means that you have to carry out and document a so-called legitimate interest assessment test which is a mission impossible without a lawyer or other data protection expert.
However, the benefits are clear: in case of seeking re-confirmation of consent, you are risking the loss of the vast majority of your client database.
But in case of you opt for the smarter approach, and with the help of a lawyer or data protection expert, you are able to find a legitimate interest, which permits you to handle the client’s personal data, without risking the client’s fundamental rights, then you will have to simply notify your clients about the change, but you do not need their “consent” again.
Instead scoring an own goal with GDPR, before sending e-mails to your customers obtaining again of their consent, consult a lawyer specialized in data protection law to find the most appropriate way to comply with GDPR and not lose your client database.
IS THE JUDGE BIASED BECAUSE OF UNFAVOURABLE JUDGMENT IN OTHER CASE?
Can a judge be disqualified from deciding the legal dispute on the grounds of bias if he has delivered a judgment unfavourable to the plaintiff in another case? Can a court be biased if the plaintiff has "challenged" a previous decision of the court before the European Court of Human Rights? In this article, we answer these questions by analysing a recent judgment of the Hungarian Supreme Court.Read more »
CAN INCOMPATIBLE WORKPLACE BEHAVIOUR BE A GROUND FOR DISMISSAL IN HUNGARY?
Refusal of employer 's instructions, unjustified absence, intentional damage: some cases where the justification for dismissing an employee is relatively easy to determine. What happens, however, if the employee does not commit a severe breach of duty similar to the one above, but his or her colleagues consider him incompatible, with whom it is impossible to cooperate, or even afraid of him or her. Can dismissal be justified by behaviour that is incompatible with others and creates disharmony in the working environment? In our article, we seek the answer to this question in the light of Hungarian judicial practice.Read more »
CAN A JUDICIAL ERROR CREATE HUNGARIAN JURISDICTION DESPITE A PLACE OF PERFORMANCE ABROAD?
Can a defendant, domiciled abroad, be sued in Hungary under the Brussels I Regulation in the event of defective performance of an international sales contract if the place of performance is abroad? Can the jurisdiction of a Hungarian court be established based on the fact that the lower court expressly established its jurisdiction at the beginning of the litigation? How is the EXW clause to be interpreted within the meaning of the Brussels I Regulation? In our article, we analyse the recent decision of the Supreme Court of Hungary.Read more »