GDPR Summit London: Transparency and consent will be core to GDPR compliance

For Julia Porter, Board Director at DMA, a material change towards marketing begins with transparency – making sure the customer understands what’s in it for them.

Going deeper, delegates at GDPR Summit London heard how preparing for GDPR is about improving profitability via better quality data, something that Southwest Airlines achieved through a policy of “transfarency”. The organisation is enjoying enhanced reputation from this good governance, well-deserved boosted valuation and shareholder trust.

A cornerstone to transparency is having the basics done correctly, such as having consistent records of customer interactions. It’s far easier to achieve this if all your data is in one place, not distributed across silos and hidden among towers of spreadsheets. Centralised data is far more manageable.

This approach and its new practices should be expressed in a new data privacy notice – a new promise that reflects the values of your brand. On the customer side, value lies is giving back control – enabling people to update their consent preferences in a clear and easy-to-understand way.

Board level commitment must be secured before transparency can be adopted as a core business value. HR departments then need to focus on the compliant quality of communications. It’s no longer about quantity. From here it’s a matter of measuring the impact of your new approach while maintaining an element of creativity so that testing and learning continue.

Consent-based marketing

The effectiveness of transparency under GDPR will depend upon consent, which is integral to the future culture of data privacy. And it’s not a concept: consent is a real, specific thing which has to be guaranteed.

Consent must be:

  • Freely given: the data subject must be able to refuse or withdraw their consent to their data being used without detriment.
  • Specific: if data is being collected, it’s use must be specified clearly.
  • Informed: the data subject must be told about the impact that use of their data can have.
  • Finally, consent is definitive. Once the data subject does not respond to requests for access, the data processing ends.

Beyond consent, there are five other legal ways to process data.

  • Legitimate interest
  • Compliance with legal obligation
  • Vital interest of the individual
  • Public interest
  • Through a contract

Consent represents a new ROI. It must be unbundled and separate from other terms and conditions; it must be an active, explicit opt-in. But it must also be demonstrated, so that who consented, how and when can easily be established. As such, rather than being a one-time interaction, GDPR will usher in consent as a customer experience journey, an evolution in trust whose stages can be evidenced in full.


PrivSec Conferences will bring together leading speakers and experts from privacy and security to deliver compelling content via solo presentations, panel discussions, debates, roundtables and workshops.

For more information on upcoming events, visit the website.

We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.