• by Ray Schultz , May 11, 2018

Marketers do not need fresh consent from every customer to comply with the General Data Protection Regulation, the UK’s Information Commissioner’s Office (ICO).

Instead, they should check whether their existing consent meets GDPR standards before sending emails asking for it again.

“We’ve heard stories of email inboxes bursting with long emails from organisations asking people if they’re still happy to hear from them,” writes Steve Wood, deputy commissioner for policy for the ICO. 

He urges firms to “think about whether you actually need to refresh consent before you send that email and don’t forget to put in place mechanisms for people to withdraw their consent easily.”

Marketers should also avoid sending emails to people when they are unsure about how they gathered the contact information — in this case, “the consent would not have met the standard under our existing Data Protection Act,” Wood writes 

Finally, if they do send emails, the copy should be transparent.

“Organisations risk non-compliance if their emails are difficult to follow and key information is lost at the end of long text — people must clearly understand what they are consenting to,” he continues. 

He adds that “energy and effort must be spent establishing informed, active, unambiguous consent.”

GDPR goes into effect in 20 days.