Consent is only one of several lawful bases for data processing available under the EU General Data Protection Regulation. Nonetheless, sometimes consent is the most appropriate — or only — basis for personal data processing.
The GDPR requires consent to be opt-in. It defines consent as “freely given, specific, informed and unambiguous” given by a “clear affirmative action.” It is not acceptable to assign consent through the data subject’s silence or by supplying “pre-ticked boxes.”
Full article: How opt-in consent really works