Search Our Site

We have 3,752,060 registered online learners.
553 new learners so far today.

Personal data & GDPR: How consent has changed

schedule 11th October 2017 by Ben Piper in Virtual College Last updated on 23rd May 2018

Man typing on keyboard

General Data Protection Regulation (GDPR) officially came into force on May 25th 2018, changing the rules around data consent as outlined in the old Data Protection Act.

Personal data and GDPR

Under GDPR, conditions surrounding consent have been restructured, meaning companies should no longer be using long and complex terms and conditions that are full of legal jargon. Instead, information on data privacy must be easily accessible, easy to understand and let consumers know exactly how their data will be stored, used and processed.

What's more, rules around consent must be distinguishable from all other privacy matters and be outlined in clear and plain language. GDPR provides consumers with a 'right to be forgotten', so withdrawing consent for data usage must be as easy as giving it.

The legislation requires companies to give their customers an 'opt-in' option to having their data kept on file, and bans pre-ticked opt-in boxes. In addition, businesses need to keep clear records demonstrating exactly where consent has been given.

Personal data and GDPR: Minors

One of the biggest changes to come in with GDPR is that parental consent is now required before internet service providers can process the personal data of children aged 16 and under. A similar rule has already been in place in the US for almost 20 years.

This change in particular demonstrates how companies can no longer simply generalise and brush over data consent. If they do not take GDPR's data consent laws seriously, they could face hefty financial penalties.

GDPR considerations

Ahead of the introduction of GDPR, businesses should have spent time rewording their current data consent policies to provide greater clarification to consumers.

Measures should also be in place for determining the difference between valid and explicit consent, with a data controller appointed to deal with any personal data consent-related queries.

Every company should also have a code of conduct to implement standards for effective consent verification, taking into account the specific features of their individual business.

Remember, the penalty for failing to comply with GDPR and provide clarity on consumers' personal data can be as much as €20 million, or four per cent of a firm's annual turnover, depending on which is greater.

Want to know more about what's changed regarding personal data and consent following the introduction of GDPR?

Does your company need an introduction to GDPR? Check out our free GDPR overview course today.

Related resources

Ben Piper - Virtual College

Author: Ben Piper

Ben is a member of the Virtual College marketing team. He has a degree in economics and writes about business and education issues. In his spare time he loves food, drink and films.

ISO 9001:2015
Crown Commercial Service Supplier
LPI Accredited Learning Technologies Provider


+44 (0)1943 605 976

Virtual College

Marsel House


West Yorkshire

LS29 8DD

Awards for footer
Gold and silver award winners at the Learning Technologies Awards 2017 - including gold for excellence in the design of learning content.


We are in the process of moving to one Virtual College website. If you want to go back to a course, or start a course, bought from our old website then you may need to login to our original learning management system. Otherwise, please proceed to our new learning management system to return to your training.


You are already logged in. Click the button below to be taken to your LMS dashboard. Alternatively, click logout to leave the system.