Consent

A freely given, specific, informed, and unambiguous indication of an individual's agreement to processing of their personal data. Consent is one of several lawful bases for data processing but comes with strict requirements. Under GDPR, valid consent requires clear affirmative action (no pre-checked boxes), separation from other matters, specific indication of which processing is consented to, easily withdrawable at any time, and demonstration that individuals understood what they were consenting to. Consent must be freely given—meaning no coercion, genuine choice, and no significant imbalance of power. It should be granular, allowing individuals to consent separately to different processing purposes rather than bundling everything together. Organizations must maintain records proving consent was obtained validly. Relying on consent is challenging because it can be withdrawn anytime, requiring you to stop processing. For many business activities, other lawful bases like legitimate interests or contractual necessity are more appropriate.