GDPR Art. 7 consent lifecycle management.
Freely given · Specific · Informed · Unambiguous.
```python
from iio.governance import ConsentManager

cm = ConsentManager()

# 1. Record (double opt-in — PENDING)
record = cm.record_consent("user-abc", "newsletter")

# 2. User clicks email link — ACTIVE
cm.confirm_consent(record.id, proof="email-conf-xyz")

# 3. Check before processing
if cm.has_active_consent("user-abc", "newsletter"):
    send_newsletter()  # placeholder for the application's own processing step

# 4. Withdraw (Art. 7(3) — as easy as giving)
cm.withdraw_consent("user-abc", "newsletter")

# 5. GDPR Art. 17 — Right to Erasure
cm.withdraw_all("user-abc")
```
1. Subject submits form. ConsentRecord created in PENDING state.
2. Double opt-in: email click confirms consent. Status → ACTIVE.
3. Before any data processing: verify active consent exists.
4. Art. 7(3): withdrawal as easy as giving. Status → WITHDRAWN.
5. Art. 17: withdraw_all() handles right to erasure requests.
6. Art. 20: export_subject_data() returns JSON export.
| Method | GDPR Article | What it does |
|---|---|---|
| record_consent() | Art. 7(1) | Record freely given, specific, informed, unambiguous consent |
| confirm_consent() | Art. 7(2) | Double opt-in with tamper-evident proof |
| withdraw_consent() | Art. 7(3) | Withdrawal — as easy as giving |
| withdraw_all() | Art. 17 | Right to erasure — withdraw all consent |
| export_subject_data() | Art. 20 | Data portability — JSON export |
| check_consent() | Art. 6/9 | Verify lawful basis before processing |
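
The PENDING → ACTIVE → WITHDRAWN lifecycle and the tamper-evident proof listed for confirm_consent() can be modelled as a small state machine over a hash-chained log. This is an added example, not the iio.governance implementation; `ConsentLedger`, its method names, and the SHA-256 chain are assumptions made for illustration.

```python
import hashlib, json
from enum import Enum
Status = Enum("Status", "PENDING ACTIVE WITHDRAWN")
# Allowed lifecycle transitions; anything else is rejected.
ALLOWED = {Status.PENDING: {Status.ACTIVE, Status.WITHDRAWN},
           Status.ACTIVE: {Status.WITHDRAWN}, Status.WITHDRAWN: set()}

def _digest(body):
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

class ConsentLedger:
    """Hypothetical stand-in for illustration, not iio.governance.ConsentManager."""
    def __init__(self):
        self.state = {}  # (subject, purpose) -> current Status
        self.log = []    # append-only entries, each chained to the previous hash

    def _append(self, subject, purpose, status, proof=None):
        prev = self.log[-1]["hash"] if self.log else "0" * 64
        body = {"subject": subject, "purpose": purpose,
                "status": status.name, "proof": proof, "prev": prev}
        self.log.append({**body, "hash": _digest(body)})
        self.state[(subject, purpose)] = status

    def record(self, subject, purpose):
        self._append(subject, purpose, Status.PENDING)  # always (re)start at PENDING

    def transition(self, subject, purpose, new, proof=None):
        cur = self.state.get((subject, purpose))
        if cur is None or new not in ALLOWED[cur]:
            raise ValueError(f"illegal transition {cur} -> {new}")
        if new is Status.ACTIVE and not proof:
            raise ValueError("double opt-in requires proof of confirmation")
        self._append(subject, purpose, new, proof)

    def has_active(self, subject, purpose):
        return self.state.get((subject, purpose)) is Status.ACTIVE

    def withdraw_all(self, subject):
        for (s, p), st in list(self.state.items()):
            if s == subject and st is not Status.WITHDRAWN:
                self.transition(s, p, Status.WITHDRAWN)

    def verify_chain(self):
        prev = "0" * 64
        for e in self.log:
            body = {k: v for k, v in e.items() if k != "hash"}
            if e["prev"] != prev or e["hash"] != _digest(body):
                return False
            prev = e["hash"]
        return True
```

A chain like this detects edits only if the most recent hash is also kept somewhere the log writer cannot modify; otherwise the whole chain can be recomputed after a change.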