The latest GDPR blog from the ICO is certainly worth a read if you have encountered conflicting advice about the need for consent. In the article, Elizabeth Denham from the ICO tackles the myth that organisations must have consent in order to process personal data. Guidance from the ICO states that whilst consent is one of the lawful bases for processing personal information, the GDPR provides five other ways of processing data which may be more relevant and appropriate in certain situations. For executive search, there are a number of scenarios where there would certainly appear justification for choosing legitimate interest as a legal basis. 

If you are unsure of the relevance of consent and legitimate interest in satisfying the requirements of the GDPR, why not read: ‘The Age of Consent: a GDPR Perspective’? Written by Andy Warren, Invenias CFO and Chief Information Security Officer at Invenias, this short blog provides a really good overview of two key legal bases.