Consent forms are everywhere — medical offices, schools, research labs, HR departments, and client onboarding processes. They are one of the most frequently signed document types in any organisation, and one of the most important to get right. A poorly executed consent form can invalidate the consent itself.
A consent form is a document that records a person's voluntary agreement to participate in an activity, receive a service, or allow the use of their information. The form serves two purposes:
The legal term "informed consent" means the person understood what they were consenting to before they signed. A consent form that buries important details in fine print may not actually constitute informed consent — even if the person signed it.
Medical consent forms. Required before procedures, treatments, or clinical trials. These must explain the procedure, its risks, alternatives, and the patient's right to refuse. Medical consent forms are among the most heavily regulated.
Parental consent forms. Required when a minor participates in activities — school trips, sports, medical treatment, research. The parent or legal guardian signs on behalf of the child.
Data processing consent forms. Required under GDPR, CCPA, and similar privacy regulations when collecting or processing personal data. These must clearly state what data is collected, how it is used, who it is shared with, and how to withdraw consent.
Research consent forms. Required for participation in academic or clinical research. Institutional review boards (IRBs) and ethics committees set specific requirements for what these forms must contain.
Photography and media consent forms. Grant permission to photograph, film, or record someone, and to use that media for specific purposes (marketing, internal training, social media, etc.).
Employment consent forms. Cover background checks, drug testing, use of company equipment monitoring, and other workplace permissions. Often part of the onboarding process.
Client consent forms. Used in professional services — legal, financial, therapeutic — to establish the scope of the relationship and the client's agreement to proceed.
Not all signed consent forms hold up under scrutiny. For consent to be legally valid, it generally must be:
Voluntary. The person was not coerced, pressured, or misled into signing. Consent given under duress is not valid consent.
Informed. The person had access to all relevant information before signing — what they are consenting to, any risks or consequences, and their right to refuse or withdraw consent.
Specific. The consent covers a defined activity, purpose, or data use. Broad, vague consent ("I agree to everything") is increasingly challenged under privacy regulations like GDPR, which requires consent to be specific and granular.
Documented. There is a clear record that consent was given — the signed form, the date, and ideally the method of verification. This is where e-signing adds significant value over verbal consent or uncaptured agreements.
Competent. The person signing has the legal capacity to consent. Minors generally cannot consent on their own behalf (hence parental consent forms), and individuals who are incapacitated may not be able to give valid consent.
Consent forms have characteristics that make them particularly well-suited to e-signing:
High volume. Organisations that collect consent — medical practices, schools, HR departments, research institutions — process hundreds or thousands of consent forms. Paper forms create storage and retrieval problems at this scale.
Time sensitivity. Consent is often needed quickly: before a procedure, at the start of an event, during onboarding. E-signing eliminates the delay of printing, signing, scanning, and filing.
Regulatory scrutiny. When consent is challenged, you need to prove it was given. A paper form with an undated signature is weaker evidence than an electronically signed form with a timestamp, IP address, and audit trail.
Remote collection. Consent often needs to be collected from people who are not in your office — parents, patients, research participants, remote employees. E-signing allows consent to be collected from any device, anywhere.
Withdrawal tracking. Under GDPR and similar regulations, people can withdraw consent. E-signing platforms that track document history make it straightforward to record when consent was given and when it was withdrawn.
GoodSign is a natural fit for consent form workflows because it handles the two things consent forms need most: speed and evidence.
Fast collection. Upload your consent form as a PDF, add signature and date fields, and send it to one or hundreds of recipients. Signers receive a link via email or SMS, review the form, and sign — no account creation, no app download, no friction.
Strong evidence trail. Every signed consent form includes a complete audit record: the signer's email address, the time they opened the form, the time they signed, their IP address, their device, and the verification method used. This is precisely the evidence you need if consent is ever disputed.
SMS and email verification. For consent forms where signer identity matters (which is most of them), enable SMS or email verification. The signer must enter a one-time code before they can sign, adding a layer of identity evidence beyond just having access to an email link.
Bulk sending. Need to collect consent from an entire class of students' parents, a cohort of research participants, or a department of employees? GoodSign supports bulk sending — the same form goes to many recipients, and you track completion from your dashboard.
Template support. Create a consent form template once and reuse it indefinitely. Update the template when regulations change, and all future sends use the updated version.
No per-user fees. If your organisation has multiple people who need to send consent forms — front desk staff, HR team members, research coordinators — add them all to your GoodSign account at no extra cost. You only pay $1.50 per envelope sent.
Lifetime storage. Signed consent forms are stored indefinitely. This matters for medical consent (which may need to be retained for years), employment consent (which needs to be kept for the duration of employment plus a retention period), and research consent (which may be required for the duration of the study and beyond).
Keep language clear. Consent forms that use plain language are both more ethical (the person actually understands what they are agreeing to) and more legally defensible (you can demonstrate the consent was informed).
One consent per purpose. Under GDPR specifically, you cannot bundle multiple consents into one checkbox. If you need consent for data processing, marketing emails, and sharing with third parties, each one should be a separate, clearly labelled consent.
Date everything. The date of consent matters — it establishes when the person agreed and is the starting point for any time-limited consent.
Make withdrawal easy. If people have the right to withdraw consent (and under GDPR, they always do), make the process clear and accessible. Document withdrawals with the same rigour as the original consent.
Review regularly. Consent forms should be reviewed when regulations change, when your processes change, or at minimum annually. Outdated consent forms that reference old policies or incorrect information undermine the validity of the consent.
Consent forms are a legal safeguard — for both the organisation and the individual signing. Getting them right is not just a compliance exercise; it is the foundation of trust between you and the people you work with.
All rights reserved © GoodSign Limited 2026
2 Stuart St, Ponsonby, Auckland 1011, New Zealand..