This is indicated in the GDPR:
The user must be informed at all times of what their data will be used for.
It must specify the use to be made of the data, the expiration of the same or possible transfers with other entities.
In addition, the “Data Protection” for users and customers of the company website will take a lot of value, they will take it into account.
I leave here the answer of the GDPR to a question:
Is there a time limit to consent?
Although there is no fixed time limit where consent expires, context is important and it should be assumed that it does not remain valid forever. An important thing to note is that a person’s most recent indication of consent is paramount – if a customer agrees to marketing on three previous occasions but opts out the fourth time, it is this last decision that sticks.
Even when consent has not been explicitly withdrawn, GDPR considers consent to last ‘for the time being’, which has been interpreted to mean ‘until a time where there could be a significant change in circumstances’.