This guidance discusses consent in detail. Read it if you have detailed questions not answered in the Guide, or if you need a deeper understanding to help you apply consent in practice. DPOs and those with specific data protection responsibilities in larger organisations are likely to find it useful.

If you haven’t yet read consent in brief in the Guide to GDPR, you should read that first. It sets out the key points you need to know, along with practical checklists to help you comply.


What's new?

Why is consent important?

Is this a big change?

What's different about the standard of consent?

What else is new?

What are the key changes to make in practice?

Can we carry on using existing consents from the 1998 Act?

What role does consent play in the GDPR?

What are the benefits of getting consent right?

What are the penalties for getting it wrong?

When is consent appropriate?

What is valid consent?

Do we always need consent?

When must we have consent?

In what other circumstances might consent be appropriate?

When is it appropriate to use consent for special category data?

When is consent inappropriate?

What are the alternatives to consent?




How should we obtain, record and manage consent? 

How should we write a consent request?

What information should a consent request include?

What methods can we use to indicate consent?

How should we record consent?

How should we manage consent?

How should we manage the right to withdraw consent?

How is consent defined?

What is 'freely given'?

What is 'specific and informed'?

What is an unambiguous indication (by statement or clear affirmative action)?

What is explicit consent?

How long does consent last?

Can a third party give consent on an individual's behalf?

What are the rules on capacity to consent?

What are the rules on children's consent?

What are the rules on consent for scientific research purposes?

When is consent invalid?