In practice, consent is often conceptualized as a coarse-grained procedural necessity, implemented as a once-off act. This can result in a misalignment between the consent given by an individual, and the desired data access. Consent should form part of the security process. We are developing techniques to help better understand and manage consent, and thereby provide assurance to the data processor that consent is adequately addressed in any data access or other data activity.