Share on facebook
Share on twitter
Share on pintrest
Share on linked-in
Share on google plus
Gaining Consent in the Age of GDPR
Live Chat Blog Published On
Live Chat Blog Tags
Live Chat Blog Author
Live Chat Blog Views

30 January 2018

Gemma Baker


Gaining Consent in the Age of GDPR

For the last couple of years, data has become such a big subject, and rightly so, data allows businesses to thrive. However, as we continue into the digital age, the EU Parliament is introducing the General Data Protection Regulation, that comes into effect from 25th May 2018. The regulation is being introduced to ensure that EU citizen’s data remains safe.

Healthcare organisations should already be doing 70-75% of the points outlined in the GDPR according to Dawn Monaghan, head of data sharing and privacy (NHS England), head of Strategic IG (NHS Digital) and director Information Governance Alliance. Speaking at UKA Live: Identity, Consent & GDPR, she mentioned that there are 3 sections, the area that organisations should already be doing as part of the Data Protection Act 1998, the bits that are part of good practice codes that will become mandatory in May (this is around 30%), and then the brand new aspects.

Gaining Consent within Healthcare

One of the biggest changes brought in by the regulation is gaining consent to use the visitor’s data. Within Healthcare there is implied consent for direct care and that patient data can be shared among medical professionals. The example Monaghan used within the webinar was that “If I go to the doctor with a bad knee, he takes all my data and says I’m going to share that with the hospital as a consultant needs to see it, it is my reasonable expectation that that GP will share it with the hospital and consultant.”

There is also section 251 of the National Health Service Act 2006 that enables “the common law of confidentiality to be temporarily lifted so that confidential patient information can be transferred to an applicant without the discloser being in breach of the common law duty of confidentiality”. This is to be used in cases such as a patient attending Accident and Emergency (A&E), they can skip gaining consent to have access to the patient’s data but they do need to inform them how they are using it.

The application of gaining consent is to be used for purposes other than direct medical care. It is easy to record consent given in writing or over the phone when providing a service; however most organisations will receive personal data when an individual enquires through the website, so how can they gather the visitor’s agreement before they submit their identifiable details?chat on your website - gain consent before session starts

Organisations will need to inform visitor’s how they intend to use their personal data; this should be accessible and can easily be done within the website’s privacy policy. A link to this should be provided on any area that gathers visitors’ details (pre-chat form, contact form etc.), alongside a mandatory box that they will need to tick before the enquiry is submitted. The tick box cannot be pre-filled, and indicates that the visitor has read and understood how the organisation will use their data, recording their consent to this use.

Visitors are also able to withdraw their consent after the data has been processed under their right to be forgotten. Organisations will need to ensure they remove any records that contain traces of identifiable personal data which now includes IP addresses.

Providing Secure Software to Healthcare Organisations

Click4Assistance have recently released ‘Experiences’ the new enhanced solution, which has been developed around advanced security and GDPR.

All forms are fully customisable within the system, allowing links to privacy policies and mandatory tick boxes to be added to pre-chat, pre-call and smartContact forms etc. Data is encrypted whilst in transit using secure connections such as HTTPS / SSL, it is then stored within a fully reliable and robust back-end, where it is encrypted at rest on servers that are located in Equinix, London. 

Click4Assistance is an UK company and has been providing chat on your website software for over 10 years; our customers include CWP NHS, BMI Healthcare and NHS Scotland. For more information about complying with GDPR and the new enhanced solution contact out team on 01268 524628 or email

Author: Gemma Baker
Gemma is the Marketing Executive for UK live chat software provider, Click4Assistance, with a range of digital knowledge within PPC advertising, SEO practices, email campaigns and social media.


UK providers of live chat software and online communication tools to a range of industries, we offer a cutting edge, resilient and proven live chat solution backed-up with first class support and advice.


Live Chat Software Author


Gemma is a Marketing Executive for UK web chat Provider Click4Assistance, with a range of knowledge in live chat software and customer engagement channels, customer service methods and improving online business.


Cost-effective live chat software, proven to increase lead generation and customer satisfaction. Easy to implement and customise, the solution supports your business out of hours with the ‘leave a message’ feature.


Integrate our compliant solution with your existing systems for a seamless implementation. Intelligent chat routing ensures multiple department capabilities. Measure your ROI and monitor operators’ KPI’s with the Advanced Reporting Suite.


Increase productivity, reduce resource costs and improve customer satisfaction by answering multiple enquiries simultaneously with live chat software. Mitigate budget restraints, support digital transformation and help customers during online processes.