Implement a consent audit trail with immutable logging using a time-series store for GDPR Art. 5(2) accountability

Verified steps

1. Define a consent event schema: {eventId, subjectId, consentVersion, purposes: [{id, status, timestamp}], noticeVersion, channel, ipCountry, userAgent, recordedAt}; never mutate records — write only append.
2. On each consent interaction (grant, withdraw, change), write a new immutable row to your audit store; use a WORM-compatible storage (e.g., AWS S3 with Object Lock in COMPLIANCE mode, or an append-only database table with no DELETE privileges for the application role).
3. Index events by subjectId and recordedAt to support fast retrieval for DSAR access requests; a regulatory auditor may request the full consent history for a subject.
4. Store the version hash (SHA-256) of the consent notice HTML displayed at the time of each event alongside the event record; this links the record to the exact disclosure the user saw, satisfying Art. 7(1) burden of proof.
5. Expose a read-only audit query endpoint secured with an internal service token that returns all consent events for a given subjectId; use this in your DSAR fulfillment pipeline to populate the Art. 15 access response.
6. Define and document a retention period for audit logs that balances accountability (keep long enough to demonstrate compliance) with data minimization (delete after the risk of regulatory action has passed, typically 3-5 years after the consent event).