Iubenda logo
Start generating


Table of Contents

Consent records 101: What You Need to Know About Consent Records

Consent is a core principle of data protection laws. In today’s digital age, where large amounts of personal data are collected, stored, and processed by multiple organizations and individuals, as a business owner, it’s important to be aware of the importance of consent records to avoid violating customer rights and serious liabilities.

Consent Records

In this article, we will give you an overview of consent records and how you can manage them, as well as some useful tips to help you take informed decisions about the personal data of your users. Keep reading! 👀

Consent records serve as proof of consent, and it’s a requirement under laws such as the GDPR, which in particular requires, according to Art. 30 of the GDPR, to create records of processing activities and to have an overview of the procedures by which personal data are processed. Therefore, data protection authorities will often ask for consent records, especially if there has been any kind of complaint.

As mentioned before, consent records or consent proofs under GDPR are an obligation, and must include significant information about data processing, including the categories of data, the group of data subjects, the purpose of the processing, and the data recipients. This information should be made available to authorities upon request.

They also serve to protect you if you are challenged, if a customer makes a complaint, or if the DPA (Data Protection Authorities) simply decides to investigate you.

For example, if a company does not keep records of processing activities and/or does not provide a full index to the authorities, they are subject to fines under Art. 83(4)(a) of the GDPR.

For US customers or even for people to whom the GDPR does not apply, it can be useful to have consent records, especially if you are governed by laws such as the US.

💡 Consent records are a great way to be able to demonstrate that you obtained consent for certain purposes, or even to demonstrate that some users agreed to, for example, a terms and conditions form or something similar.

Without this proof, proving consent may become difficult and result in serious legal and ethical consequences.

Because consent under the GDPR is such an important issue, it’s mandatory that you keep clear records and that you’re able to demonstrate that the user has given consent; should problems arise, the burden of proof lies with the data controller, so keeping accurate records is vital.

The records should include:

  • who provided the consent;
  • when and how consent was acquired from the individual user;
  • the consent collection form they were presented with at the time of the collection;
  • which conditions and legal documents were applicable at the time that the consent was acquired.

🔍 Read our article for an overview of what are the different types of consent.

This is what you need to keep on top of:

  • Ensure accuracy: By regularly reviewing and updating consent records, you can detect any inaccuracies or outdated information and make necessary corrections.
  • Comply with regulations: Regulations and laws related to consent can change over time, so it is important to regularly review and update your documents to ensure that your organization is in compliance with current laws and regulations.
  • Reflect changes in circumstances: Individuals’ circumstances and preferences may change over time, so it is important to periodically review and update your proofs of consent to reflect these changes.
  • Maintaining privacy and confidentiality: Regularly reviewing and updating consent records helps to maintain the privacy and confidentiality of the individuals involved.

Luckily, our Consent Database does all of this automatically, so you don’t have to do it manually yourself.

👉 What does this mean for a website or e-commerce owner?:

As a website or e-commerce owner, it is crucial to understand the regulations enacted by Data Protection Authorities that govern consent records and avoid potential legal consequences.

If European laws apply to you, and you are running cookies and trackers and collecting consent via a consent banner, be aware that you will need consent records. Fortunately, it’s also integrated into the Privacy Controls and Cookie Solution to help you manage every aspect of cookie consent and privacy preferences across multiple locations.

  • 🇺🇸 If you are in the U.S. or, U.S. laws apply to you. While you may not have to obtain consent in most cases, under some laws, when minors are involved, you may need to obtain opt-in consent for minors, but more importantly, so you don’t end up opting the same person in when they return to your site, you may need to keep opt-out consent records. Our solution basically remembers these things and can help you with them.
  • 📄 If you use forms on your website, you will also need to collect proofs of consent. Luckily, our Consent Database simplifies this process by helping you easily store proof of consent and manage consent and privacy preferences for each of your users.

How to be compliant easily

Meeting the regulations can be a technical challenge to implement in practical terms, luckily we have these pretty awesome solutions that will make it easy to comply with the different regulations.

  • iubenda ensures that you comply with the GDPR, the Cookie Law, and third party requirements. It’s also simple to use. The Privacy Controls and Cookie Solution includes all the necessary tools to facilitate compliance with the cookie law.

Manage cookie consent with the Privacy Controls and Cookie Solution

Start generating

About us


The solution to draft, update and maintain your Terms and Conditions. Optimised for eCommerce, marketplace, SaaS, apps & more.