ABSTRACT

Under the General Data Protection Regulation (GDPR), the data protection principles set out the main responsibilities for organizations. The principles are similar to those in the Data Protection Act (DPA), with added detail at certain points and a new accountability requirement. Consent under the GDPR must be a freely given, specific, informed and unambiguous indication of the individual’s wishes. There must be some form of clear affirmative action, in other words a positive opt-in; consent cannot be inferred from silence, pre-ticked boxes or inactivity. Consent must also be separate from other terms and conditions, and a person will need to provide simple ways for people to withdraw consent. Public authorities and employers will need to take particular care to ensure that consent is freely given. Consent has to be verifiable, and individuals generally have more rights where a person relies on consent to process their data.