Consent under the Data Protection Directive

2. The other situation is that most of these clients that use our services, make access to the web platform available to their employees, in such a situation, is it ok to get one approved consent that represents the company as an entity or do we still have to get the consents from every single user that uses the services under their own company?

Answer:

1. Where consent has been given under the Data Protection Directive, it will continue to be valid under the Regulation if it also meets the requirements of the Regulation. This may be difficult given the new and stringent requirements for consent. Under the EU GDPR consent must be freely given, specific, informed and unambiguous indication of the individual’s wishes. Also, as controller, you must keep records so y ou can demonstrate that consent has been given by the relevant individual. So, if your consent fulfills the above mentioned requirements there is not need for new consents.

I would also advise you to double check if consent is the most suitable lawful grounds for processing.

To find out more about consent check out our webinar “How to handle consents under GDPR” (https://advisera.com/eugdpracademy/webinar/how-to-handle-consents-under-gdpr-free-webinar-on-demand/).

Most likely you won't need the consent but another lawful grounds would be best suited. I would need more information about what is that your platform does and what types of personal data it processed to provide you with more insight.