Preparing for GDPR: Documentation of consent

In the latest in our series on GDPR, we look at one of the key aspects of the regulation: the documentation of consent.

In order to comply with the EU General Data Protection Regulation, companies will be required to keep a wide range of documentation. According to the ICO, the following bad and good examples provide an indication of the level of documentation of consent you will be required to maintain:

BAD: “You keep the time and date of consent linked to an IP address with a web link to your current data-capture form and privacy policy”

GOOD: “You keep records that include an ID and the data submitted online together with a timestamp. You also keep a copy of the version of the data-capture form and any other relevant documents in use at that date”

On a recent webinar, The DMA said that ‘relevant documents in use’ could, for example, refer to a telephone call script. As a lead generation company that manually qualifies leads via telephone calls, we find this highly applicable to the way we work. Plus, as we introduce a more omni-channel approach to consumer communication, this would then extend to transcripts of online communications using channels such as Facebook Messenger, WhatsApp, etc.

Consent documentation in lead generation

For some companies, this documentation of consent is potentially a high bar to meet. Depending on their technical infrastructure, they may, for example, be relying on a third-party hosting or website company to implement the means to capture the correct timestamps, etc. at the point of data collection.

As a mature player in the industry, TLA finds this a low bar. All of our website assets are built and managed in-house, and enquiries are recorded in secure databases. This means that we are fully in control of how we record this information, including the text and policies that were seen, and the user’s choices. Where consent is gained in a telephone call, we use robust call recording technology, and our QA team are constantly checking for quality and compliance.

We are currently building a compliance portal where partners will be able to access complete and transparent audit trail information, showing the entire customer journey through our processes as well as providing access to call recordings.

Other documentation solutions

For a straightforward web-based data capture form, simple software solutions have entered the market, but these are not without limitations: for example, something that takes a screenshot of the enquiry form at the point of submission creates technical and storage overheads, and ultimately leads to non-database storage of data, which in itself creates risk. This approach also only covers a small part of the consent process in a more complex user journey.

With the progression of technology and changes in consumer habits, we are embracing new ways to communicate with our consumers. Many prefer an interactive enquiry rather than a fixed, form-based approach, and we are currently trialling our latest chatbot technology that engages with consumers through conversation in order to generate enquiries. Again, because these are built in-house and feed directly into our own systems, we can obtain and record consent in these systems in a way which third-party software solutions could not.

Keep an eye out for more details of some of our latest tech innovations, as well as GDPR-related articles, via the News & Views.

Bill Lawrenson, business intelligence manager, The Lead Agency