What is GDPR consent?

GDPR consent is a clause in the General Data Protection Regulation (GDPR) that requires organizations to obtain explicit consent from a user before collecting or using their personal data. This means that if you want to collect and use any personal data of your users, you must explicitly get their permission by stating how and why you need their data.

Article 7 of GDPR lays out the conditions for valid consent:

  • Freely given: The user has the right to decide whether or not they want to give consent. They can’t be forced or tricked into giving consent.
  • Specific: The user must know exactly what they’re giving consent for so that they can make an informed decision about whether or not to give it. The organization should explain exactly what kind of data will be collected and why.
  • Informed: The user must be able to understand what kind of data is being collected, why it’s being collected, and how it will be used before they give consent. They should also be made aware of the opt-out option in case they do not want to give consent.
  • Unambiguous: Consent must be unambiguous—it can’t be implied by anything else other than affirmative action such as clicking a button, checking a checkbox, etc.
  • Revocable: The user must be able to withdraw their consent at any time, and it should be as easy as it was to give it.
  • Demonstrable: The organization collecting the user data must be able to prove the user has consented to use their data.

Read in detail about GDPR consent here.