No, you don’t – you must have one of six lawful reasons for processing data set out in the regulations, but not necessarily Consent. This includes:
- where you are carrying out a Contract with the data subject or are taking steps to enter into a contract, a law firm carrying out conveyancing, or an insurance company getting information to prepare a quote.
- where a law specifically requires the processing to be done, such as money laundering checks or employee right to work checks.
- for your own or a third parties, legitimate interests. This is best where you use people’s data in ways they would reasonably expect and has little impact on privacy. For example, it is a legitimate interest for an internet shopping site to have contact details and a delivery address for shoppers.