Articles on: FAQ

Logging and demonstration of user consents

When a visitor interacts with your store's cookie banner and submits their preferences, Pandectes automatically records this consent to ensure transparency and compliance with data protection laws such as the GDPR and ePrivacy Directive.


The Pandectes GDPR Compliance app automatically records, stores, and secures records of all website visitor consents submitted through your cookie banner. This ensures that you, as a website operator, can demonstrate compliance with the obligations set out under the General Data Protection Regulation (GDPR) and the ePrivacy Directive (Directive 2002/58/EC).




Under Article 7(1) of the GDPR, data controllers must be able to demonstrate that valid consent has been obtained before processing personal data, including through the use of non-essential cookies or tracking technologies.


In addition, Article 5(3) of the ePrivacy Directive requires that consent is given prior to any storage or access of information on a user’s device, except where such storage is strictly necessary for the provision of the service requested by the user.


To facilitate compliance with these legal requirements, Pandectes automatically maintains a secure, verifiable log of user consents gathered through your cookie banner.



When a visitor submits or updates their consent preferences on your website, the following actions occur:


  1. The user’s consent state is saved locally in a first-party cookie named _pandectes_gdpr on their browser.
  2. This cookie includes a random, unique, anonymous, and encrypted key that represents the user’s consent status for each category of cookies.
  3. Simultaneously, the same consent record is securely transmitted via an encrypted HTTPS connection to the Pandectes server-side consent log, where it is stored for documentation and audit purposes.


This dual storage mechanism (browser + server-side) ensures both local functionality and verifiable recordkeeping.



Each entry in the Pandectes consent log includes:


  • A unique, encrypted identifier (linked to the _pandectes_gdpr cookie)
  • The date and time of consent submission or update
  • The user’s consent state (accepted, declined, customized)


This data is designed to be non-personally identifiable and stored in compliance with the data minimization principle under Article 5(1)(c) of the GDPR.



If you are requested by a supervisory authority or a data subject to demonstrate proof of consent, you can retrieve and export the corresponding consent log entry through your Pandectes dashboard.


To verify a specific consent:


  1. Request the consent ID or cookie value from the website visitor (found within the _pandectes_gdpr cookie in their browser).
  2. Use this value to locate the relevant record within your Pandectes consent log report.
  3. Present the stored record, which includes timestamp, consent categories, and the encrypted identifier, as evidence of lawful consent.


Pandectes provides a verifiable record that can be used to demonstrate compliance to authorities such as the European Data Protection Board (EDPB) or national data protection agencies.



Consent log entries are retained for a period consistent with your account’s configured retention policy and in alignment with GDPR best practices.

After the retention period expires, the consent records are automatically anonymized or permanently deleted, ensuring continued compliance with the storage limitation principle under Article 5(1)(e) GDPR.


Responding to verification requests


When a website visitor exercises their rights under the GDPR, such as the right of access (Article 15) or right to information (Articles 13–14), you may be required to verify their consent history.


In such cases, you can:


  • Export the relevant consent record directly from your Pandectes admin interface.
  • Provide the visitor with the date and time of consent, consent categories, and the declaration version used at the time.
  • Confirm that the consent record is pseudonymized and non-personal.


This process enables transparent, auditable communication while ensuring that no unnecessary personal data is exposed.


Security and integrity


All consent data processed by Pandectes is transmitted and stored using industry-standard encryption and hosted in secure environments compliant with international data protection and security standards.

Access to consent logs is strictly controlled and available only to authorized users within your organization through the Pandectes platform.


Summary


The Pandectes logging and demonstration system ensures that your website can:


  • Obtain, store, and verify valid user consents,
  • Demonstrate compliance with the GDPR and ePrivacy Directive, and
  • Respond effectively to audits or data subject verification requests.


By integrating Pandectes, you maintain full traceability and accountability over your consent management framework, a crucial component of lawful and transparent online data processing.


Updated on: 15/10/2025

Was this article helpful?

Share your feedback

Cancel

Thank you!