Where your user may need to directly enter personal data on the site/app, for example by filling in a contact form, service registration or newsletter subscription, it is necessary to collect consent that is freely given, specific and informed. It’s also necessary to keep unambiguous records that allow you to demonstrate that valid consent was collected.
What is free, specific and informed consent?
You must obtain consent for each specific processing purpose — for example, a consent to send newsletters and another consent to send promotional material on behalf of third parties. Consent may be requested by setting up one or more checkboxes that are not pre-selected, not mandatory or coerced (freely given) and accompanied by relevant disclosures that make it clear to the user how his or her data will be used.
How can proof of valid consent be demonstrated unambiguously?
Is the email I receive from the user as a result of filling out a form not sufficient as proof of consent?
Unfortunately, it is not sufficient, as some information necessary to reconstruct the suitability of the procedure for collecting consent is missing, such as a copy of the form actually completed by the user and the version of the privacy documents available to the user at the time the consent was collected.