Consent (GDPR)

Freely given, specific, informed, unambiguous indication by the data subject — must be as easy to withdraw as to give.

Under GDPR Art. 4(11) and Art. 7, consent must be freely given, specific, informed, and unambiguous, indicated by a statement or clear affirmative action. Pre-ticked boxes, bundled consents, and ‘consent’ obtained from a position of clear imbalance (e.g. employer–employee) do not qualify.

Why it matters
Cookie banners and consent flows are the #1 enforcement area for European DPAs. CNIL alone has issued €200M+ in cookie-consent fines.

Related terms

Lawful Basis (Legal Basis for Processing)
One of six GDPR Art. 6 grounds that must apply for personal data processing to be lawful.
Data Subject Rights (DSAR)
Rights granted to individuals over their personal data — access, rectification, erasure, portability, restriction, objection.
