Who does it apply to? It is worth noting is that GDPR applies to any organization inside or outside the EU who is marketing goods or services and/or tracking the behaviors of EU citizens. If you do business with Europe this legislation applies to you. Repercussions for noncompliance: Punishments for non-compliance are significant, with large fines for those in breach of the regulation. (The maximum fine for a single breach is €20 million / 4% of annual WW turnover—whichever is greater). Consent Affirmative consent applies to the communications preferences of customers in most circumstances.
It requires ‘a clear affirmative act’ that establishes ‘informed and unambiguous consent’. A clear affirmative act can be described as express consent or as an opt-in—they are the same. Sensitive personal data, however, requires a higher level—explicit consent. Techniques such as double opt-in and cookie notices are established methods of gaining affirmative consent and are used today in Canada and Germany, both Italy Phone Number List of which have already adopted tighter legislation. Explicit consent is required for certain processing of sensitive personal data, profiling activities or cross-border data transfers. Sensitive personal data is described in Art. 9(1) of the GDPR and includes categories such as physical or mental health data, racial or ethnic origin, trade union membership.
Etc. While the GDPR does not separately define the term “explicit consent”, it likely retains the same meaning as given to it by the Article 29 Working Party under Directive 95/46/EC; “all situations where individuals are presented with a proposal to agree or disagree to a particular use or disclosure of their personal information.” Unfortunately, the distinction between affirmative consent and explicit consent is not altogether clear and hopefully, guidance on this topic will be forthcoming. Of course, customer preferences change over time and rarely exist in perpetuity and GDPR has something to say about this too— namely that organizations, specifically marketing, make it easy for any changes in preference be easy to make. If we are truly building customer relationships based on trust and care, then this should not cause fear.