The ICO exists to empower you through information.

This guidance discusses consent in detail. Read it if you have detailed questions not answered in the Guide, or if you need a deeper understanding to help you apply consent in practice. DPOs and those with specific data protection responsibilities in larger organisations are likely to find it useful.

If you haven’t yet read consent in brief in the Guide to UK GDPR, you should read that first. It sets out the key points you need to know, along with practical checklists to help you comply.

Contents

Why is consent important?

When is consent appropriate?

What role does consent play in the UK GDPR?

What are the benefits of getting consent right?

What are the penalties for getting it wrong?

Do we always need consent?

When must we have consent?

In what other circumstances might consent be appropriate?

When is it appropriate to use consent for special category data?

When is consent inappropriate?

What are the alternatives to consent?

What is valid consent?

How should we obtain, record and manage consent? 

How is consent defined?

What is 'freely given'?

What is 'specific and informed'?

What is an unambiguous indication (by statement or clear affirmative action)?

What is explicit consent?

How long does consent last?

Can a third party give consent on an individual's behalf?

What are the rules on capacity to consent?

What are the rules on children's consent?

What are the rules on consent for scientific research purposes?

When is consent invalid?

How should we write a consent request?

What information should a consent request include?

What methods can we use to indicate consent?

How should we record consent?

How should we manage consent?

How should we manage the right to withdraw consent?