R311. Demonstrate user consent
The system must establish a mechanism which allows demonstrating that users granted their consent to collection of their data.
Systems usually request information from the users or collect it based on their interactions with the application. Regulations demand that none of these collections occur without the user’s consent and that this consent be demonstrable afterwards. Therefore, the system must have a mechanism that allows demonstrating the grant of the consent.
GDPR. Art. 7: Conditions for consent.(1). Where processing is based on consent, the controller shall be able to demonstrate that the data subject has consented to processing of his or her personal data.