GHF Member Consent

Share the article

GHF Procedure for obtaining Member/Customer Consent

This Procedure is the responsibility of the DPO


When is consent required


Consent is only one of several available legal grounds to process personal data under the EU General Data Protection Regulation 2018 (GDPR 2018).


It is important that you ensure that consent is needed and you may need to check with the Organisation’s [DPO][compliance officer] if there is any other lawful basis for processing personal data, for example contract or legitimate interest.


This documented Procedure deals only with the lawful basis of Consent.


Consent requests


Under the GDPR there are certain requirements that processors must adhere to when obtaining [client or customer] consent. These include:


  • There must be a positive opt-in for genuine consent to be given.
  • Pre-ticked boxes or any other method of default consent must not be used.
  • Explicit consent requires a very clear and specific statement of consent.
  • Consent requests must be kept separate from other terms and conditions.
  • Requests for consent must be specific so that you get separate consent for separate things
  • Vague or blanket consent is not enough.
  • Consent requests must be clear and concise. It must name the organisation, why you want the data and what you intend doing with the data
  • The request must name any third party controllers who will rely on the consent.
  • It must be easy for a [customer] [client] to withdraw consent and you must tell them how.
  • Avoid making consent to processing a precondition of a service.
  • Ensure [customer][client] can withdraw consent without detriment


Record keeping


Under the GDPR a record must be kept of the consent provided by the [client/customer]. Record keeping procedures include:


  • Keep a record of when and how you got the consent from the [Customer][client]
  • Keep a record of exactly what the [customer][client] was told at the time of them giving the consent


Managing Consent


You must regularly review consents to check that the relationship, the processing and the purposes have not changed.


Publicise how individuals can withdraw their consent. Ensure this is a simple process for the [customer][client].


If a [customer][member] withdraws consent you must act upon the withdrawal of consent immediately.


You must not penalise [customers][member] who wish to withdraw consent.


A sample consent form taken from the ICO website when seeking consent for using data for direct marketing. Such consent must contain a specific opt-in.


Here at GHF we take your privacy seriously and will only use your personal information to administer your account and to provide the products and services you have requested from us.


However, from time to time we would like to contact you with details of other [surveys/ [offers]/[services]/[competitions] we provide. If you consent to us contacting you for this purpose please tick to say how you would like us to contact you:


Post ☐    Email ☐    Telephone ☐    Text message ☐    Automated call ☐

We would also like to pass your details onto other [name of company/companies who you will pass information to]/[well defined category of companies], so that they can contact you by post with details of [specify products]/ [offers]/[services]/[competitions] that they provide. If you consent to us passing on your details for that purpose please tick to confirm:


I agree ☐


Withdrawal of consent


I [full name] hereby withdraw my consent for GHF to use my personal data for direct marketing purposes.


I understand by completing and submitting this form GHF will immediately remove my personal information for the use of direct marketing


I hereby withdraw my consent


Issue No

Description of change


Date of Issue

Date to review
















Last modified on Saturday, 02 January 2021 17:00

Donation - Help us to 'Engage the BBC'