If a data subject has withdrawn their consent or asked you to stop processing their data for a specific purpose, you must update their consent record to reflect this. Revoking consent does not delete the historical record — it creates an auditable trail showing when and why consent ended.
Steps
- Log in to your DataShield HQ workspace.
- Click Data Subjects in the left-hand navigation menu.
- Search for and click on the relevant data subject.
- Click the Consent Records tab.
- Find the consent record you want to revoke and click the Actions menu (⋮) next to it.
- Select Revoke Consent.
- Enter a Reason for the revocation (e.g. "Customer emailed withdrawal of consent on 15 Jan 2025").
- Click Confirm. The record is updated with a revocation date and the reason is stored for audit purposes.
What happens next?
- The consent record is marked as Revoked and is no longer active.
- The revocation event appears in the Audit Log.
- You must stop all processing activities that relied on this consent immediately.
- If the subject had other active consents for different purposes, those remain unaffected.
Important
Under GDPR Article 7(3), subjects have the right to withdraw consent at any time. Withdrawal must be as easy as giving consent. Do not delete consent records — the revocation trail is required for compliance.
Was this article helpful?
That’s Great!
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
Feedback sent
We appreciate your effort and will try to fix the article