Customize/Partial: The user opened the Settings modal and selected specific categories, accepting some while rejecting others. This shows granular consent where users might accept Analytics but reject Marketing cookies. The specific selections are recorded in the Categories field.
Consent logs are a critical component of GDPR compliance, providing documented evidence that you’re properly obtaining and respecting user consent. DigiConsent automatically maintains comprehensive records of every consent interaction, creating an audit trail essential for regulatory compliance and privacy management. This guide explains how to access, interpret, and utilize consent logs effectively.
Why Consent Logs Matter
GDPR and similar privacy regulations don’t just require obtaining consent—they require proving that you obtained it correctly. Article 7(1) of GDPR explicitly states that the data controller must be able to demonstrate that the data subject has consented to processing of their personal data.
Consent logs serve multiple critical purposes:
Regulatory Compliance: During privacy audits or investigations, regulators may request proof of consent. Detailed logs demonstrate that you properly obtained permission before collecting data, what users were told, when consent was given, and what specific permissions were granted.
Legal Protection: If users claim they never consented or weren’t properly informed, consent logs provide factual evidence of the consent interaction. This protects your organization from unfounded complaints and potential legal action.
User Right Requests: GDPR grants users the right to access their personal data, including consent records. Consent logs allow you to fulfill these access requests by showing users exactly when and how they provided consent.
Accountability: Maintaining records demonstrates good faith compliance efforts and organizational accountability for data protection, which regulators consider when assessing penalties for any violations.
Operational Insights: Beyond compliance, consent logs help you understand consent patterns, identify technical issues, and optimize your consent request strategy.
Accessing Consent Logs
To view consent logs, navigate to DigiConsent → Logs in your WordPress admin menu. This opens the Consent Logs page, which displays a table of all recorded consent interactions.
The logs page loads quickly even with thousands of records thanks to optimized database queries and pagination. You’ll see recent consent interactions first, ordered by timestamp with the newest entries at the top.
Understanding Log Entries
Each consent log entry contains multiple pieces of information that together form a complete record of the consent interaction.
Timestamp
The exact date and time when the consent action occurred, recorded in your WordPress timezone setting. This timestamp is crucial for compliance—you need to know precisely when consent was obtained to determine when it expires and to prove consent was obtained before data processing began.
Timestamps use the format configured in your WordPress settings (typically Y-m-d H:i:s or similar). For example: “2024-01-15 14:32:18” indicates consent was recorded on January 15, 2024 at 2:32:18 PM.
Consent Action
The type of action the user took. DigiConsent tracks three distinct actions:
Accept: The user clicked the Accept button, granting consent to all cookie categories (or all enabled categories). This is the most common action, representing users who provide full consent without customizing preferences.
Reject: The user clicked the Reject button, explicitly declining all optional cookies. Only Necessary cookies are permitted for these users. This demonstrates that you provided a genuine choice and the user exercised their right to reject tracking.
Customize/Partial: The user opened the Settings modal and selected specific categories, accepting some while rejecting others. This shows granular consent where users might accept Analytics but reject Marketing cookies. The specific selections are recorded in the Categories field.
Categories Accepted
A detailed breakdown showing which cookie categories the user accepted. This might display as comma-separated values like “Necessary, Analytics” or as a more detailed JSON structure depending on the log format.
For Accept actions, this typically shows all enabled categories. For Reject actions, it shows only Necessary (since that’s always permitted). For Customize actions, it shows the specific user selections.
This granular information is essential for compliance because you must be able to prove that you only used cookies the user specifically consented to.
User Identifier
A unique identifier for the user who provided consent. DigiConsent generates a random, anonymized identifier for each visitor rather than storing personally identifiable information directly in logs.
This identifier allows you to associate multiple consent interactions from the same user (for example, if they change their preferences or if consent expires and they re-consent) while maintaining privacy. The identifier is stored in the user’s consent cookie and included in log entries.
For privacy protection, this identifier is meaningless outside the context of the user’s own consent cookie—it’s not linked to email addresses, usernames, or other personal information in the logs.
IP Address
The IP address from which the consent was given. While IP addresses are technically personal data under GDPR, logging them for consent purposes is generally considered acceptable under the legal basis of compliance with legal obligations.
IP addresses serve several important purposes in consent logs:
- Provide evidence of the consent origin for verification purposes
- Help detect fraudulent or automated consent submissions
- Enable geographic analysis of consent patterns
- Support investigation of technical issues or complaints
Some privacy-conscious organizations choose to anonymize IP addresses after a certain period. This can be accomplished through custom code or by periodically purging old logs.
User Agent
The browser and device information string provided by the user’s browser. This typically includes the browser type, version, operating system, and device details.
Example user agent: “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36”
User agent information helps you:
- Verify the technical context of consent
- Identify potential issues with specific browsers or devices
- Detect automated or bot submissions
- Understand which platforms your users prefer
Navigating the Logs Interface
The Consent Logs page includes several features for finding and analyzing specific consent records.
Pagination
If you have many consent records, they’re divided into pages to maintain fast loading times. Each page typically shows 20-50 entries. Use the pagination controls at the bottom of the table to navigate between pages.
The pagination displays:
- Current page number and total pages
- Total number of consent records
- Previous and Next page buttons
- Jump to specific page number option
Sorting
Click on column headers to sort the log entries by that column. Common sorting use cases:
- Sort by Timestamp: View oldest consents first (helpful for finding early users) or newest first (default view)
- Sort by Action: Group all Accepts together, or all Rejects, to analyze patterns
- Sort by IP Address: Identify multiple consents from the same IP (useful for detecting issues)
Click the column header once to sort ascending, click again to sort descending.
Search and Filtering
Use search and filter functions to find specific consent records:
Date Range Filter: Select a specific date range to view consents from that period. Useful for compliance reports, analyzing the impact of banner changes, or responding to specific user inquiries.
Action Filter: Filter to show only Accepts, only Rejects, or only Customize actions. Helps analyze acceptance rates or identify users who rejected cookies.
Search: Enter search terms to find specific log entries. You can search by user identifier, IP address, or other logged information.
Interpreting Consent Log Data
Beyond basic viewing, understanding what consent logs tell you helps optimize your consent strategy.
Identifying Patterns
High Reject Rates: If you see many Reject entries relative to Accept entries, this might indicate that your banner messaging is too aggressive, unclear, or untrustworthy. Consider revising your description text to be more transparent and user-friendly.
Frequent Re-consent: If you see the same user identifier multiple times in short succession, users might be clearing cookies frequently (privacy-conscious behavior) or experiencing technical issues with consent persistence. Check your consent expiration settings and cookie domain configuration.
Granular Consent Patterns: Review Customize entries to see which categories users accept most often. Commonly, users accept Analytics more frequently than Marketing. If you see surprising patterns (like very low Analytics acceptance), investigate whether your category descriptions accurately explain what they do.
Detecting Technical Issues
Sudden Drops in Consent: If you notice a period with far fewer consent logs than usual, this might indicate that the banner isn’t displaying properly, perhaps due to caching issues, JavaScript errors, or conflicts with other plugins.
Unusual User Agents: An abundance of bot user agents in logs might indicate automated scraping or crawling that’s triggering consent records. While not problematic, it can skew your analytics.
Geographic Anomalies: Sudden traffic from unexpected countries might indicate security issues or marketing campaigns you weren’t aware of.
Using Consent Logs for Compliance
Responding to User Requests
Under GDPR Articles 15 and 20, users have the right to access their personal data, including consent records. When a user requests their consent history:
- Verify the user’s identity (you cannot share data with unauthorized individuals)
- Use the search function to find consent logs associated with their identifier or contact information
- Export or provide a readable summary of their consent history
- Include timestamps, actions taken, and categories accepted
- Explain how long these records are retained
Regulatory Audits
If regulatory authorities audit your data processing practices, consent logs provide crucial evidence:
- Demonstrate that consent was obtained before processing began (timestamp proof)
- Show that users were given genuine choice (reject actions exist)
- Prove granular consent options were available (customize actions)
- Verify that consent hasn’t expired (compare timestamps to retention periods)
Maintain consent logs for at least as long as you process the data collected under that consent, plus a reasonable period afterward for compliance verification.
Data Retention for Consent Logs
How long should you keep consent logs? This balances compliance needs with data minimization principles.
Recommended Retention Period
Most privacy experts recommend retaining consent logs for:
- Minimum: As long as you’re processing data under the consent, plus statute of limitations period (typically 3-6 years)
- Safe Practice: 3 years after consent expires or is withdrawn
- Maximum: Some organizations keep consent logs for 7-10 years for legal protection, though this must be balanced against data minimization
DigiConsent allows you to configure automatic log cleanup to delete records older than your specified retention period, helping maintain compliance with data minimization requirements while preserving records for the necessary duration.
Archiving vs. Deletion
Consider archiving old consent logs rather than deleting them entirely. Archived logs are removed from active database tables (improving performance) but stored in backup format for retrieval if needed for legal defense or regulatory investigation.
Exporting Consent Logs
DigiConsent allows exporting consent logs for analysis, reporting, or archiving purposes. Use the export function to:
- Create compliance reports for stakeholders
- Archive old records before deletion
- Analyze consent patterns in spreadsheet software
- Fulfill user access requests
- Provide records to legal counsel or auditors
Exported files typically use CSV format, which opens in Excel, Google Sheets, and most data analysis tools. The export includes all log fields with proper formatting for easy analysis.
Best Practices for Consent Log Management
Regular Review: Check consent logs weekly or monthly to ensure they’re being recorded properly and to spot any anomalies early.
Backup Regularly: Include consent log tables in your WordPress database backups. These records are valuable compliance evidence that must be protected.
Restrict Access: Only grant access to consent logs to team members who need it for compliance or analytics purposes. Treat consent records as sensitive data requiring protection.
Document Your Retention Policy: Write a clear policy explaining how long you keep consent logs and why. Include this in your privacy policy and data protection documentation.
Test Export Function: Periodically test the log export function to ensure you can quickly retrieve records if needed for compliance requests.
Monitor Storage Growth: High-traffic sites accumulate consent logs quickly. Monitor database size and implement archiving or cleanup procedures to prevent performance issues.
Correlate with Other Systems: If you use other compliance or analytics tools, consider how consent log data relates to and supports those systems.
Consent logs are more than just a compliance checkbox—they’re a valuable resource for demonstrating privacy accountability, optimizing consent strategies, and protecting your organization legally. By understanding how to access, interpret, and utilize consent logs effectively, you transform compliance obligations into operational advantages, building a foundation of transparency and trust with your users while maintaining the documented evidence necessary for regulatory confidence.