The GDPR clarifies that if your company or organization collects data from European Union residents, you must retain proof of their consent to the collection and use of this data. However, the regulation does not specify what information constitutes "proof" (e.g. IP address, log, time of registration, etc.).
You do NOT need to ask your contacts to confirm their consent if your collection and use of their data:
- does not require consent - see this article for detailed examples
- requires consent but you already have proof of their consent
If your contacts' consent is required and you do not have proof of their consent, follow this guide to confirm your contacts' consent.