Consent under the General Data Protection Regulation: what are the alternatives for employers?

August 22, 2017

The UK's Information Commissioner, Elizabeth Denham, has launched a series of blogs designed to “bust some of the myths” which she believes have developed around the EU General Data Protection Regulation (GDPR). Her first blog addresses the high-profile issue of fines and her second, published on 16 August 2017, focuses on the equally well-publicised issue of consent.

In order for data processing to be lawful, the data controller or processor must identify a lawful basis for the processing. Currently many employers rely on consent as the lawful basis for the processing of their employees’ personal data (including their sensitive personal data). However, from 25 May 2018, when the GDPR comes into effect (and which will be implemented in the UK through the Data Protection Bill), it is doubtful that such consent will be valid. The myth which the Information Commissioner aims to bust in her latest blog is that an organisation must have consent if it wants to process personal data.

 Read "Consent under the General Data Protection Regulation: what are the alternatives for employers?"