The General Data Protection Regulation The GDPR - what does it mean for executive search | Page 9

Consent

The move to the GDPR will require organisations to review their current consent practices and audit their existing consents. Under the new legislation, consent will mean offering individuals the opportunity to positively opt in. Under the GDPR, silence, pre-ticked boxes or inactivity are presumed inadequate to confer consent, and organisations must also ensure that a transparent opt-out option is readily available.

Under the GDPR, consent must be freely given, specific, informed and unambiguous, and expressed by a statement or clear affirmative action. In addition, organisations must keep clear records and be able to demonstrate evidence of consent if required. Under the new legislation, individuals must be informed of their right to withdraw consent at any time, their right to be forgotten, their right of access to their personal data and their right to be informed. Organisations should review their existing consents and check that they comply with the GDPR; if they do not, fresh consent must be obtained.

For the executive search profession, reliance on consent may not always be the most appropriate legal basis for the processing of data. In fact, a recent discussion paper issued in March 2017 by the ICO (the UK’s independent body set up to uphold information rights) suggests that Legitimate Interest may be the most relevant legal basis in many cases, provided it doesn’t override the rights and freedoms of the data subject. In most cases in executive search, it is likely that it won’t override these interests or prove controversial to a candidate.

For further information on legal bases, read the latest blog by Andy Warren, Chief Information Security Officer and CFO at Invenias: The Age of Consent: A GDPR Perspective.