Then, assuming that you can evidence that you followed the guidance, and you implement the rest of the GDPR, which gives the person in question a mechanism to revoke their consent, you're pretty much definitely fine. You realise that we're not out on a witch hunt here, right?