How do I document consent correctly?
Record for each consent: (1) the exact time and date, (2) the IP address or user ID, (3) which privacy policy and which cookie policy applied at the time of consent, (4) the wording of the consent (which purpose exactly), (5) how consent was given (checkbox, double opt-in, etc.). Technically, cookie consent tools such as Osano, OneTrust or Usercentrics are well-suited, as they automate this documentation. Without proof of consent, authorities will not recognise it – this is a common reason for fines. Documentation is therefore not just a compliance formality, but your protection in the event of an inspection by supervisory authorities.
This question is part of our article on "DSGVO fines for website violations — what they really cost and how you can avoid them". You'll find the full context and all related angles there.
Read the full article →