GDPR says that if a company wants to handle personal data purely based on permission, they need the individual’s clear agreement. This is often the case for things like direct marketing, handling sensitive info, or sharing data with other companies. The consent needs to be given freely, without any pressure, and must be clear and specific. Plus, people should be able to change their minds at any moment. Companies have to make sure they keep records of this consent, getting it in a way that’s compliant with GDPR’s standards to show respect for people’s rights and keep everything above board.