Consent Management & Legal Bases
Every processing of personal data needs a legal basis – often consent. It must be freely given, informed and withdrawable at any time. SimpleAct manages consent purposes, cookie categories and legal bases with complete evidence.
When is consent required?
Every processing needs one of the six legal bases in Art. 6 GDPR – such as contract, legal obligation, legitimate interest or consent. Consent is required whenever no other basis applies, e.g. for marketing emails or non-essential cookies. Under Art. 7 it must be freely given, for the specific purpose, informed and unambiguous – and as easy to withdraw as it was to give.
Requirements for valid consent
Manage consent compliantly
- Define the legal basis for every processing activity
- Formulate consent purposes clearly and separately
- Use opt-in instead of pre-selected boxes
- Make cookie categories granularly consentable
- Store the time, content and version of each consent
- Provide and implement an easy withdrawal path
- Keep consent evidence as part of accountability
Frequently asked questions about consent management
Do I need consent for everything?
No. Often other legal bases apply, such as contract or legitimate interest. Consent is only needed when no other basis fits – e.g. for advertising or tracking cookies.
Are pre-ticked boxes allowed?
No. Valid consent requires an active, unambiguous action. Pre-selected checkboxes or merely continuing to browse do not count as consent.
Must I be able to prove consent?
Yes. Under Art. 7(1), the controller must be able to demonstrate that and for what a person consented – including the time and version of the text.
How does this relate to cookies?
Non-essential cookies (marketing, analytics) may only be set after prior, granular consent – a consent banner alone is enough only if it offers genuine freedom of choice.
Consent management with SimpleAct
Manage legal bases, consent purposes and cookie categories centrally – with audit-proof evidence and easy withdrawal.
Start for free