Why? The GDPR requires that you keep and maintain valid records of consent if processing user data based on consent. Without these records, the consent you collect is considered invalid.
When do you need it? When processing the personal data of EU-based users on the legal basis of Consent. Typical examples of this include collecting personal data via forms for newsletters, email lists, subscriptions etc. This does not typically apply to consent for cookies as cookies are still largely governed by the ePrivacy Regulation (Cookie Law).
Note: GDPR requirements also apply if your base of operations is in the EU or if you simply offer goods or services to EU-based persons, even if that offer is free. Read more here.