It is generally a best practice to request scopes incrementally, at the time access is required, rather than up front. For example, an app that wants to support saving an event to a calendar should not request Google Calendar access until the user presses the "Add to Calendar" button; see Incremental authorization.

Many also question how the average user with little knowledge of the GDPR will react to being asked so many questions regarding consent. Will they be confused? Probably at first. It will be up to each business to create a consent form that is easy to understand, while being at the same time comprehensive and informative

The actual process is something we still need to work on so we don’t get consent fatigue.

Among some consumers, GDPR is perhaps best known as a bothersome series of rapid-fire, pop-up privacy notices.

consumers become blind to an avalanche of privacy pop-up notices

Currently, there is a high frequency of consent requests, privacy notices, cookie banners or cookie policies on every visited website. As a consequence of consent abuse, individuals resent a fatigue, resulting in consent loosing its purpose.

This way, personal data is more effectively protected allowing individuals to focus on the risk involved in granting authorization for the use of their personal data and to take appropriate decisions based on the risk assessment. Consequently, the burden and confusion generated by systematic consent forms is constrained.

Third, the focus should be centered on improving transparency rather than requesting systematic consents. Lack of transparency and clarity doesn’t allow informed and unambiguous consent (in particular, where privacy policies are lengthy, complex, vague and difficult to navigate). This ambiguity creates a risk of invalidating the consent.

This will avoid overburdening with too much information every time they access a website, navigate across the internet, download an application, or purchase goods and/or services. This may result in a certain degree of consent fatigue.

One MailChimp user tweeted this week that it seems the EU has "effectively killed newsletter with GDPR." He said he sent "get consent" emails through MailChimp and reported these numbers: 100 percent delivery rate, 37 percent open rate, 0 percent given consent.

The re-consent campaigns have also been recognized as a practical pain from some in the thick of it. It's causing angst amongst email weary customers and prospects, consent fatigue and even some legal issues