At the University, the majority of the personal data processing is based on a legal basis other than consent, such as ‘public task’ or ‘contractual obligations’. We have been mapping the basis for processing in all our activities. Where consent is the legal condition for processing, and if we do not have a recorded opt-in consent, we have communicated with data subjects, internally and externally, to obtain a renewed consent which will allow us to continue processing the information we have for the specific purpose(s) that it was collected for. When the consent is not renewed we will stop processing the personal data and delete the information as soon as reasonably practicable.