The GDPR went into effect in May of 2016. Organizations were given 2 years to get compliant before regulators would start to hand out fines. So why aren’t they compliant yet? And why can’t they even get the most basic thing sorted like the opt-in and opt-out on their sites?
Let’s cut to the chase: Opt-in by default is not allowed
I just can’t be more clear. Any form of consent request may not be pre-filled or pre-ticked.
Being able to opt-out or withdrawing your consent after the fact is a must.
That’s all folks!