# GDPR Consent Form (Art. 7) > Draft consent forms and consent notices for personal data processing under GDPR Article 7. Covers all conditions for valid consent: freely given, specific, informed, unambiguous. Includes validation against EDPB Guidelines 05/2020. Tags: GDPR, Privacy, Consent, Art. 7, Art. 9, EDPB, ePrivacy, Compliance, Data Protection ## Example Prompts - Draft a GDPR consent form for our email marketing and analytics tracking - Create a consent notice for collecting health data in our wellness app - Validate whether our consent form meets GDPR Article 7 requirements URL: https://rakenne.app/skills/gdpr-consent-form/index.md Try this skill: https://rakenne.app/a/?skill=gdpr-consent-form ## Overview Draft consent forms and consent notices for personal data processing under GDPR Article 7. Covers all conditions for valid consent: freely given, specific, informed, unambiguous. Includes validation against EDPB Guidelines 05/2020. ## Getting Started Add your source materials to the project workspace, then activate the *GDPR Consent Form (Art. 7)* skill. The agent will guide you through the process step by step. ## Example Conversation Below is an example of how a typical consent form drafting session unfolds. The agent identifies purposes, drafts a granular consent form, and validates it. > **You:** We need a GDPR consent form for our SaaS platform. We want to send marketing newsletters by email and use cookies for analytics tracking. Some users also opt into a wellness feature that collects health data. > > **Agent:** I'll draft a consent form with three separate purposes, each with its own opt-in checkbox: (1) marketing newsletters, (2) analytics cookies, and (3) health data for the wellness feature. Since health data is special category data under Art. 9, that purpose will require explicit consent — a plain checkbox isn't enough, so I'll include a two-step confirmation mechanism. Let me load the reference and template. > > **You:** Go ahead. Our DPO is privacy@acme.eu. > > **Agent:** I've created `consent-form.md` with three granular purposes, controller identity, DPO contact, withdrawal mechanism (email to privacy@acme.eu or in-app toggle), consequences of refusing each purpose, and a link to your privacy notice. The health data section uses a two-step process: checkbox acknowledgement followed by a confirmation email. Let me run the validation tool. > > **You:** Yes, validate it. > > **Agent:** I ran `validate_gdpr_consent`. Result: 8/8 core elements present. Art. 9 special category data detected — explicit consent mechanism found. Purpose granularity: 3 distinct purposes detected. All checks passed. ## Sample Output Excerpt Below is a representative excerpt from a consent form showing one standard purpose and the special category data section. --- ### 1. Purposes and data categories Please tick each purpose you consent to: - [ ] **Marketing newsletters:** Sending product updates, feature announcements, and promotional offers by email. - Data collected: name, email address, communication preferences. - [ ] **Analytics tracking:** Using cookies to analyse browsing behaviour and improve website performance. - Data collected: IP address (anonymised), cookies, page views, session duration. ### 2. Special category data (Art. 9) - [ ] **Step 1:** I acknowledge that my health data (blood pressure readings, activity levels) will be processed for the purpose of providing personalised wellness recommendations within the app. - **Step 2:** A confirmation email will be sent to your registered address. Click the confirmation link to finalise your explicit consent. ### 3. Right to withdraw consent (Art. 7(3)) You have the **right to withdraw your consent at any time**, without affecting the lawfulness of processing carried out before the withdrawal. **How to withdraw:** Send an email to privacy@acme.eu with the subject "Withdraw consent", or use the consent management panel in your account settings. --- ## Built-in Validation Tools The skill includes an extension tool that checks consent documents for GDPR Art. 7 compliance and EDPB Guidelines 05/2020 conditions. ### What the tool checks | Check | Description | |-------|-------------| | **Lawful basis** | Verifies a reference to Art. 6(1)(a), Art. 7, or GDPR as the legal basis for consent | | **Specific purposes** | Detects purpose statements in the document | | **Withdrawal mechanism** | Checks for withdrawal/revocation language and instructions | | **Freely given** | Looks for indicators that consent is voluntary and not bundled with service access | | **Controller identity** | Verifies the data controller is identified | | **Data categories** | Checks that categories of personal data are listed | | **Privacy notice link** | Verifies a reference to the Art. 13/14 privacy notice | | **Consent records** | Checks for form version and timestamp fields for demonstrable consent (Art. 7(1)) | | **Art. 9 explicit consent** | If special category data is detected, verifies an explicit consent mechanism (signed statement or two-step process) is present | | **Purpose granularity** | Warns if fewer than two distinct purposes are found, prompting manual verification | Run **validate_gdpr_consent** on the consent form after drafting or updating to ensure completeness. --- Back to [Skill Library](https://rakenne.app/skills/index.md)