How does consent work?
Consent is required for processing that is not in the normal legitimate interest of the business. It must be freely given, meaning that there can be no change in the business relationship due to the giving or withholding of consent. Consent cannot be required to use a service or to be a client. The consent must also be specific and unambiguous: when the data subject gives consent, they must know exactly what they are agreeing to, and a layman should be able to read the form and understand it. Just as consent must be freely given, it must also be withdrawable. The data subject, AT ANY TIME, must be able to withdraw consent, and your firm must stop processing their data, again with no changes in the business relationship. Consent must be a last resort; you cannot use consent as a legal basis if you are using any other legal basis.
You must track who gave the consent, when that consent was given and what the consent actually was with all consent data. This cannot be kept in some other database; it must be tied directly to the data.