Consent is just one of the legal bases that you might use for processing personal data. It is however one of the most common and gets special treatment inside Sheep.

Each person has a GDPR card on their record. The card pulls together all the consent records that this person has granted. We record each instance of consent so there will be overlapping consent records for many people. We currently show all consent records, including those that have expired or been withdrawn. 


Consent records in Sheep store the full context. If, at the point of collection, you presented the user with a short paragraph of text and then a tick box you should paste the full paragraph into the consent record. Use the context_url field to capture where the context was shown to the user (doesn't have to be a URL could be a document reference)


How have you collected this consent? paper form, web form, third party system (optional but highly recommended). It will be incredibly useful, if questioned by the user in future, to point back to the specific source of their consent. 

Channel (or activity)

For communication consent this is email, post phone etc. For other forms of consent it might be just 'process' or 'share'.


The purpose is your internal short description for the data processing activity. You may have several similar consent forms all for the same purpose. The purpose is used by Sheep when segmenting data for processing. e.g. Export all people that have an active consent given for the purpose of 'partner marketing' 


When a consent expires it stays on record for historic audit but when filtering using the 'GDPR Consent' field the expired consent won't be taken into account.

We will allow an default setting for expiry e.g. 3 years but currently it is set on a per record basis.

Did this answer your question?