Records of consent
What are Records of Consent in GDPR?
Records of consent are the documentation you must keep to prove that a user gave explicit permission for their personal data to be processed. Under the General Data Protection Regulation (GDPR), consent must be freely given, specific, informed, and unambiguous. This means you can't rely on pre-ticked boxes or implied consent. You must be able to demonstrate how and when a person consented.
Why are Records of Consent Important?
Maintaining records of consent is a legal requirement under Article 7(1) of the GDPR. These records serve as a crucial audit trail. If a data protection authority, such as the Information Commissioner's Office (ICO) in the UK, investigates your company, you will need to provide these records to prove compliance. Without them, you could face significant fines.
What Information Should a Record of Consent Include?
Your records should contain enough detail to show that a valid consent was obtained. This typically includes:
- The user's identity: An identifier like a unique consent ID, a device ID, or a user ID. You should not store personally identifiable information (PII) like an email address unless necessary and with consent.
- The date and time of consent: This proves when consent was given.
- The specific data processing activity: What did the user consent to? For example, "tracking cookies for analytics" or "receiving marketing emails."
- The legal basis for processing: A clear statement that the legal basis is "consent."
- The statement of consent: A record of the specific wording the user agreed to (e.g., "I agree to the use of analytics cookies").
- The method of consent: How did the user consent? Was it by clicking a button, submitting a form, or some other action?
How to Maintain Records of Consent
The good news is that when you use our Privacy Policy, Terms and Cookie consent solution, you are covered by UserCentrics, who handle the technical aspects of recording and storing this information for you.
When a user interacts with your cookie banner, the service automatically logs their choices and generates a unique consent ID. This ID is a key identifier for their specific consent log.
If a user requests a copy of their consent log (a right under GDPR's right of access), you can use this unique ID to retrieve the record.
How to request a Record of Consent
- Ask the user for their consent ID from the banner's second layer (open the banner, click Services and scroll to the bottom; the option is called "ID to request consent data").
- Provide it in a ticket to our support team.
- We'll get the data for you from Termageddon / UserCentrics and send it through.
This process ensures you can fulfill a user's request without a complicated manual search.
In essence, these records are your proof of compliance.