Frequently Asked Questions
Got questions? We've got answers. Find quick solutions to common queries below.
Consent management involves obtaining, recording, and maintaining user permission to process personal data in compliance with GDPR's lawful-basis requirement.
No. There are six lawful bases for processing data. Consent is one of them—but if you rely on consent, it must be valid and verifiable.
Through a digital log capturing who consented, when, and for what purposes—usually implemented via a CMP or backend tracking mechanism.
Yes. GDPR Art. 7(3) mandates that users must be able to withdraw consent as easily as it was given.
Invalid consent may lead to regulatory penalties and reputational damage. Fines can reach up to €20 million or 4% of global turnover.
Consent must be freely given, specific, informed, and unambiguous. No pre-ticked boxes, no bundled consent, and clear affirmative action is required.