It’s hard not to know that on 25 May 2018 the EU General Data Protection Regulation (GDPR) comes into effect.

As a result, many people’s email inboxes are being bombarded by companies requesting that you “renew” your consent to be contacted.

However, this ‘safety first’ email approach is in many cases unnecessary and may prove to be counter-productive.

The GDPR states that you can continue to rely on any existing consent that was given in line with the GDPR, however you must make sure that this consent meets the GDPR standards and is properly documented.

Our specialist Data Protection team have consistently advised companies that the GDPR does not necessarily require them to obtain renewed consent from their customers. Therefore, before renewed consent is requested, a company should be asking itself:   

  1. how the original consent was obtained and documented;  
  2. whether a specific mode of communication was agreed with the customer (eg. email, text); and
  3. whether consent was obtained for the company to pass on the customers details to a third party.

If the company’s original consent satisfies the current threshold under the Data Protection Act, then the consent is likely to meet the consent requirements under the GDPR.

The good news for companies is that the time-consuming process of contacting their customers and the risk of a significant drop out of customer contacts can be avoided by taking the correct legal advice.

If a company does not have consent or cannot rely on “soft opt in” under existing laws, then sending emails to your clients requesting renewed consent is a breach under the current data protection and e-privacy rules.

If you have any questions regarding these issues please contact one of our expert Data Protection lawyers, Jo Henderson or Carla Murray, on 0161 941 4000 or at

Contact Us