
Personal data & GDPR: How the role of consent has changed

4 months, 1 week, 2 days ago by Ben Piper in Virtual College


When the GDPR comes into force there will be changes to how businesses gain consent to use a person's data. Here we take a look at how this will differ from the current law.

The introduction of the General Data Protection Regulation (GDPR) in May 2018 will change the rules on consent under the current Data Protection Act. In particular, the requirements for parental consent regarding a minor online will be strengthened so that children and young people are protected.

Conditions surrounding consent have been restructured, meaning that companies will not be able to use long and complex terms and conditions that are full of legal jargon. Instead, the request for consent must be easily accessible, easy to understand and have the purpose for data processing attached to the consent.

In addition, consent must be clearly distinguishable from other matters and be presented in an intelligible and easily accessible form, using clear and plain language. Withdrawing consent must also be as easy as giving it, as users will now have a ‘right to be forgotten’.

The data of minors

As of May, for the first time, the GDPR will require parental consent before information society service providers can process the personal data of children under 16 years of age. Although this is a new avenue for Europe that will no doubt face many interpretations and implementation challenges, it is currently in practice in the US and has been for almost two decades.

Moving forward, companies cannot regard consent as an area to generalise and brush over, and they must work now to prepare for the upcoming regulation to avoid heavy fines that could be damaging to their business.


Organisations and companies must think now about rephrasing and rewording their current information surrounding consent. They must provide greater specification about what is meant by consent, considering the legal grounds. They will have to establish whether or not there is an available alternative to the consent path.

Given the extensive lengths that a data controller will have to go to in order to demonstrate valid consent, it is hard to see what further steps could be needed to distinguish such a consent from one that is explicit.

However, codes of conduct could be a possible way to create standards for effective consent verification, and the GDPR encourages data controllers to adopt codes of conduct that take into account the specific features of each business.


Author: Ben Piper

Ben is a member of the Virtual College marketing team. He has a degree in economics and writes about business and education issues. In his spare time he loves food, drink and films.
