Client consent, privacy statements and UK GDPR
Before processing a client’s information, getting consent from the client to use their data is vital. The UK General Data Protection Regulation (UK GDPR) is a legal framework that sets strict guidelines for how personal information can be processed. There are six lawful bases for processing data under UK GDPR, consent is one of them.
You require explicit consent to process sensitive personal data, known as ’special category data’.
Consent includes ensuring the client understands what you will be doing with their data, who it will be shared with and how it will be used. This information should be covered in a privacy statement and given to the client.
Without obtaining explicit consent from a client over how their personal data will be processed, an organisation/agency and an adviser may be at risk of substantial fines under UK GDPR.