Santander marketing preferences: GDPR concern

Jabba_flabba

agrinnall wrote: »

And what did the ICO say when you raised it with them? Do they concur with Santander's position?

I didn't raise it with the ICO. From Santander's response, it sounded to me like they had done their homework in finding a suitable get out (legitimate interests) to allow them to continue opting customers in to marketings comms by default.

waamo

Jabba_flabba wrote: »

I didn't raise it with the ICO. From Santander's response, it sounded to me like they had done their homework in finding a suitable get out (legitimate interests) to allow them to continue opting customers in to marketings comms by default.

As a youngster I used to do my homework. I did it faithfully and put effort in to it. It even sounded good. It was invariably wrong though.

Jabba_flabba

Well, I attended the GDPR course and learnt a thing or two. There was also a slide that is very relevant to this thread:

Under the GDPR, consent is only required when no other condition of processing applies (such as legitimate interest, or compliance with a legal obligation). In this sense, consent is only required as a 'last option' if no other processing reason applies. It is a common misconception that, under the GDPR, explicit consent is required in every situation - but this is not the case. When it is required, the GDPR has prescriptive rules about what constitutes consent. Where consent is being relied upon, it must be clear, freely-given, specific, informed and active in order for someone's personal data to be processed.