Consent is one of the lawful basis for processing data as per the GDPR. Businesses are required to ask for consent when they’re collecting personal data for non-essential purposes like marketing and website analytics.
These are some of the ways through which you can collect consent for different purposes.
- Opt-in checkbox for contact forms or subscriptions
- Cookie consent banners for use of cookies
- Cookie callback widgets to change cookie preferences
- Opt-in email after a user subscribes (double opt-in)
- Unsubscribe (opt-out) buttons and links in emails
- Consent settings on an app dashboard
- Consent statement or form on paper
- Clear oral consent requests (with proof of consent)
To be compliant, ensure that you collect consent as per the provisions of the GDPR. Under Article 6 and Article 7 of GDPR,
- Consent has to be freely given, specific, informed and unambiguous.
- You must keep a record of user consent i.e. who, when, and for what purposes was consent asked and given.
- Your users must also be clearly informed on how they can withdraw their consent (anytime they wish to).