The systematic process of obtaining, recording, and managing lawful consent from Data Principals for processing.
Consent management encompasses the entire lifecycle of obtaining, documenting, renewing, and honouring Data Principal consent. Under DPDPA Section 6, consent must be free, specific, informed, unconditional, and unambiguous with a clear affirmative action. The consent notice must be in plain language, available in all 22 scheduled Indian languages, and clearly state the purpose of processing, categories of data, and withdrawal mechanism. Consent records must be maintained as immutable proof.
Consent is the primary lawful basis for most startup data processing. Without proper consent management — including granular purpose-level tracking and easy withdrawal — every processing activity becomes legally questionable.
A Bengaluru D2C brand must present a consent banner listing each processing purpose (order fulfilment, marketing emails, analytics) with individual toggles, store cryptographic proof of each consent, and process withdrawal requests within the mandated timeline.
A single "I agree to Terms & Conditions" checkbox does NOT constitute valid DPDPA consent. Consent must be purpose-specific, granular, and independently withdrawable per purpose.
DPDPA Shield automates Consent Management. See how →