Get 30% off on toolkits, course exams, and books.
Limited-time offer – ends May 26, 2022
Use promo code:

Expert Advice Community


mailing lists

Chris Yates Created:   Feb 28, 2018 Last commented:   Mar 01, 2018

mailing lists

Hi, Does anyone know whether or not mailing lists can be used if the company who sell them are stating they are GDPR compliant and all prospects have opted in. What evidence would we, as a company, need to hold to evidence that
0 3

Assign topic to the user


Step-by-step implementation for smaller companies.


Step-by-step implementation for smaller companies.

Andrei Hanganu Mar 01, 2018
First of all you would need to be provided with the consent form used for collecting consent form the data subjects. Consent has to be freely given, specific, informed and unambiguous indication of the individual’s wishes and you as the controller must keep records so you can demonstrate that consent has been given by the relevant data subject.

Basically you would need to be able to link any individual to a consent form /consent giving process (if the consent was provided online).

The consent itself must be:
· Written in plain language - A request for consent must be in an intelligible and accessible form in clear and plain language ;
· Separate - where the request for consent is part of a written form, it must be clearly distinguishable from other matters;
· Affirmative action - The consent must consist of a clear affirmative action. Inactivity or silence is not enough and the use of “pre-ticked boxes” is not allowed;
· Catch all consent is not allowed- If the relevant processing activity has multiple purposes, consent must be given for all of them. For example, it would not be possible to rely on performance of a contract when providing services to an individual and obtain a separate consent for direct marketing.
· No detriment - Consent will not be valid if the individual does not have a genuine free choice or if there is a detriment if they refuse or withdraw consent.
· No power imbalance - Consent might not be valid if there is a clear imbalance of power between the individual and the controller, particularly where the controller is a public authority.;
· Unbundled consent - You cannot “bundle consent”. Where different processing activities are taking place, consent is presumed not valid unless the individual can consent to them separately;
· Not tied to contract - Consent is presumed not valid if it is a condition of performance of a contract;
· Withdrawable - The individual can withdraw consent at any time and must be told of that right prior to giving consent. It should be as easy to withdraw consent as it is to give it

So, in a nutshell you would need to benchmark the consent with the conditions bellow and if all of them are complied with that the consent would be valid as per the EU GDPR requirements.

You may find interesting our webinar on “How GDPR Affects Marketing Practices” (https://advisera.com/eugdpracademy/webinar/how-gdpr-affects-marketing-practices-free-webinar-on-demand/ ).
0 1

Comment as guest or Sign in

HTML tags are not allowed

Feb 28, 2018

Mar 01, 2018

Suggested Topics

Guest user Created:   Aug 28, 2018 EU GDPR
Replies: 1
0 0

GDPR advice for a Surf Camp

Guest user Created:   Jul 17, 2018 EU GDPR
Replies: 1
0 0


Guest user Created:   Jul 13, 2018 EU GDPR
Replies: 1
0 0

School mailing list