When do I have to ask for consent?

Consent is one of the legal bases on which you will be able to process personal data.
When do I need to ask for consent? And how do I do it?

GDPR consent: what is it?

Under the GDPR, it should be noted that consent is one of the legal bases on which you will be able to process personal data. The GDPR requires this consent to be free, specific, informed and unambiguous. Articles 4 and 7 of the GDPR have provided conditions applicable to consent.

Before the GDPR came into force in 2018, consent was already enshrined in the Data Protection Act. The GDPR therefore came to reinforce it by specifying the conditions for its collection. Consent enables strong control over personal data:

     - Understand how the data will be processed;

     - Choosing to accept or refuse treatment ;

     - Change your mind freely.

Once consent has been obtained, you, as data controller, have the possibility of processing personal data. Consent is often requested when subscribing to or using a service, and must be obtained under specific conditions to ensure its validity.

GDPR consent in commercial
prospecting

In B2C, building a clients base isn't the most difficult task. Unlike B2B, in B2C prospecting, you can't contact prospects directly until you've received their consent. This is known as opt-in.

For this reason, the GDPR authorizes you to rent and purchase databases that will serve you in your commercial prospecting. In addition, there are various ways in which you can build up a database, namely:

Webinars, loyalty programs, advertising, etc.

On the other hand, you need to pay attention to the Data retention periods that the GDPR has laid down in its articles. In other words, the data you have will eventually expire and become unusable. This will diminish the value and richness of your databases, and will certainly limit the initial investment made.

What's more, unlike B2C prospecting, in B2B prospecting the conditions and rules are less onerous. In fact, the only requirement for BtoB prospecting is that you address companies that are likely to be interested in your product or service.

If you're selling fridges, for example, it's imperative that you approach companies that are interested in fridges. If you don't, you're no longer compliant, and your reputation will suffer as a result.

By complying with this condition, you'll be able to gather information from LinkedIn and other sources, with a view to expanding your list of prospects. It's also important to distinguish between the different prospecting methods used: SMS, email, telephone and post.

GDPR consent on your website

As long as cookies have not yet been deleted, all Internet users have them on their browsers. Cookies are small text files that are stored on our devices after they have been sent to us.

The GDPR has provided articles outlining what you need to consider to be able to collect consent on your website, while still being GDPR compliant.

That's why the cookies banner is one of the mandatory elements you must include on your website, in addition to the legal notice, privacy policy and cookies policy.

How to obtain valid consent for your cookie banner?

To collect consent on a cookie banner, the CNIL (National Commission for Information Technology and Civil Liberties) requires you to consider various elements, so that you are GDPR.

The first step is to inform users. It goes without saying that to obtain a person's consent to anything, you first have to inform them. The same goes for the users of your website. They need to be informed of the different objectives behind the use of tracking data on your website.

Secondly, you need to clarify your request in such a way that silence on the part of an Internet user in no way implies acceptance of cookies. In fact, according to the CNIL (National Commission for Information Technology and Civil Liberties), your users' silence is considered to be a refusal. So don't use practices that are difficult to understand.

And don't forget that you're obliged to ask for specific consent for each Purpose. On this subject, the CNIL (National Commission for Information Technology and Civil Liberties) recommends setting up checkboxes based on users' choices and purposes.

Finally, once consent has been obtained, you must give the user the option of going back on their decision. In fact, your cookie banner must contain a button enabling you to withdraw consent at any time. You can see our cookies banner at bottom left.

Risks of non-compliance with consent

For your lack of knowledge of the various GDPR provisions, you risk heavy penalties and fines, and this applies whether you're a processor or data controller. This can go up to 20 million euros or 4% of your annual turnover.

Worse still, these sanctions can be published and made public.

In addition to the sanctions and fines you risk, non-compliance with the GDPR has the power to impact your business. Indeed, the risk of being audited by the CNIL (National Commission for Information Technology and Civil Liberties) remains, all the same, reduced. On the other hand, you should be aware that the CNIL (National Commission for Information Technology and Civil Liberties) requires companies to work only with GDPR organizations. Organizations that will be able to protect the personal data they process, even in the event of a data leak.

In other words, if the organization you're working with isn't compliant and loses your personal data, there's absolutely nothing you can do. This is because you haven't checked that they are compliant before signing the contract.