Iubenda logo
Start generating


Table of Contents

Understanding DPA Inspections: Why Proof of Consent is Crucial

Simplify Compliance and Protect Your Business with a Comprehensive Cookie and Consent Preference Log

Why DPA Inspections Matter

DPA inspections, conducted by Data Protection Authorities, play a vital role in safeguarding individuals’ privacy rights and ensuring businesses adhere to data protection regulations. These inspections typically arise from user reports or random checks within specific industries. Data Protection Authorities are responsible for verifying claims, investigating allegations, and enforcing compliance with data protection laws.

🔎 The Inspection Process

DPA inspections typically involve several key steps, and these steps may vary depending on the specific authority conducting the inspection. The typical process involves:

  1. User Complaint or Random Check: Inspections may be triggered by a user complaint or randomly selected by the DPA. 
  2. Initiation of the Inspection: the DPAs may either notify businesses beforehand or conduct unexpected in-person or online inspections.
  3. Checking the Preference Log: The DPA generally proceeds to examine the business’s preference log to determine if the reporting user is present within the system. This log contains important information about user consent and preferences.
  4. Reviewing the Consent Flow: If the user is identified in the preference log, the DPA would typically review the “consent flow” implemented by the business. The consent flow outlines the necessary steps taken to obtain and record user consent.
  5. Providing Proof of Compliance: Finally, the business must provide proof that it followed all the required steps as outlined in the consent flow to obtain the consent of the user. This is where maintaining a comprehensive Consent Preference Log becomes crucial.

Stand Ready for DPA Inspections

Equip your business to confidently face DPA inspections with the new Essentials plan, now including our Cookie and Consent Preference Log to simplify the management of user consent and streamline the compliance process.

🚀 Key features of the Cookie and Consent Preference Log include:
  • Centralized Consent Storage: Maintain a secure and centralized database of user consents, readily accessible for compliance verification during DPA inspections.
  • Real-time Updates: Capture consent updates in real-time, ensuring accurate and up-to-date records.
  • Auditing and Reporting: Generate detailed reports and audit logs to demonstrate compliance with data protection regulations.
Try one year at $29

Then $71.88/year instead of $172/year

✅ No extra configuration required

Enjoy $143 in savings with the new Essentials plan, which also gives you the option to:

  • Generate a Cookie Policy that you can easily connect to your cookie banner or notice.
  • Add up to 20 services (instead of 4) to your Privacy and Cookie Policy.
  • Keep all the functionalities and customization options you currently have.

Frequently asked questions on the Cookie and Consent Preference Log

The Cookie and Consent Preference Log allows you to create records of your users’ cookie consent preferences when they visit your site. You need this feature to align with the requirements of most Data Protection Authorities across Europe (including the UK, France, Italy, Belgium, and more).

Yes, the Essentials plan includes the Cookie and Consent Preference Log with up to 25,000 pageviews per month. If you need more, you can either leverage Extra Usage, which allows the product to continue working with an extra charge after you reach the limit of use for your plan, or upgrade to a bigger plan. Please see the pricing page for more details.

Yes, if your website installs non-exempt cookies and European users visit it, you need to keep valid records of your users’ cookie preferences.

In other words, regardless of the number of monthly pageviews, you need to store a cookie and consent preference log if you have a cookie banner.

No, the Consent Database collects and stores proof of consent specifically for online and offline forms, and requires some setup.

The Cookie and Consent Preference Log, however, is a fully automated feature of the Privacy Controls and Cookie Solution, our solution for managing consent preferences for cookies, trackers and similar technologies.

The Cookie and Consent Preference Log solves this problem – without the need for a dedicated configuration. For each consent given, we collect:

  • a string of 6 random hexadecimal characters and the timestamp to uniquely identify a specific consent and the time at which it was given
  • the user’s IP address

This way, the consent is collected via the string of 6 hexadecimal characters and the IP address is uniquely linked to a specific user. If necessary, the DPA may:

  • examine the user’s browser and compare it with the unique record in your logs (verifying proof)
  • use the IP address to cross-check and verify the information