Logo Logo


The General Data Protection Regulation (GDPR) and ePrivacy Directive (ePR) affect how you as a website owner must obtain and store cookie consents from your visitors from the EU.


Try our free compliance test to check if your website’s use of cookies and online tracking is GDPR/ePR compliant.

Consent management is a vital part of a website's responsibility for living up to the GDPR

Updated August 20, 2019.

With the enforcement of the General Data Protection Regulation (GDPR) on May 25 2018, obtaining proper user consent before processing any of their data is a vital responsibility for each and every website.

So, what is consent management?

How do you manage consent in GDPR compliance on your website?

What is valid consent according to the GDPR?

And is there such a thing as a consent management software that can do it all for you?

You'll find answers to all of these questions in this article.

What is consent management?

Consent management is the act or process of managing consents from your users and customers for processing their personal data.

In other words, consent management means to enable for your users the ability to opt-in and out of the specific cookie categories (preferences, statistics and marketing), to consent and to withdraw their consent again if they chose to. 

Consent management is really all about empowering your users to exercise their right to privacy.

A proper consent management system encompasses the following:

A consent management software like Cookiebot does all of this automatically.

Try the Cookiebot consent management software for free today.

GDPR & Consent

The General Data Protection Regulation is an EU law that came into force on 25 May 2018. It affects all organizations, companies and websites, worldwide, that handle personal data of EU citizens.

The GDPR definition of personal data is very wide, and includes “any information relating to an identified or identifiable natural person”, including information that can be combined to single out or build a rich profile of a particular data subject.

Under this definition, statistics (analytics cookies) and marketing cookies (tracking cookies), as used by most websites, are subject to the GDPR.

This means that you need proper consent from your users prior to the setting of all cookies that track personal data. Your users must be informed about all tracking and consent to it before any data can be processed, says the GDPR.

What is valid GDPR consent?

Consent management is a key issue in the GDPR.

The GDPR definition of proper or valid consent is very clear and leaves a clear responsibilities on the shoulders of website owners and operators.

Consent & GDPR go hand in hand - 

Article 7 of the GDPR treats the conditions for consent, and lists the following:

  1. Where processing is based on consent, the controller shall be able to demonstrate that the data subject has consented to processing of his or her personal data.

  2. If the data subject’s consent is given in the context of a written declaration which also concerns other matters, the request for consent shall be presented in a manner which is clearly distinguishable from the other matters, in an intelligible and easily accessible form, using clear and plain language.

    Any part of such a declaration which constitutes an infringement of this Regulation shall not be binding.

  3. The data subject shall have the right to withdraw his or her consent at any time.

    The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

    Prior to giving consent, the data subject shall be informed thereof. It shall be as easy to withdraw as to give consent.

  4. When assessing whether consent is freely given, utmost account shall be taken of whether, inter alia, the performance of a contract, including the provision of a service, is conditional on consent to the processing of personal data that is not necessary for the performance of that contract.

Real GDPR consent is thus informed, prior to any processing of user data, withdrawable and not on conditions of providing a service.

GDPR consent management is best done with an all-in-one solution, so that you can be sure that your website is compliant and your user's privacy protected.

Do I need consent management for my website?

You most probably do.

If your website makes use of tracking cookies, you need to obtain consent from your users first.

Is your website hosted, for example on WordPress?

Do you make use of Google Analytics or similar tools on your website?

Do you have embedded content on your site, such as YouTube videos or social media buttons?

Then your website probably sets third party tracking cookies on your users’ browsers, and you need to implement a consent management system, that makes sure that...

  1. all cookies are paused until proper consent has been obtained,
  2. the user gets transparent information on the cookies,
  3. and that he or she may withdraw his or her consent at any time.

If you can answer yes to any of the above, you need consent management. The truth is that most websites today need consent management, because almost no website operates without the most basic tools for statistics, marketing or implementation of social media functions.

But consent management is not something you have to sweat about doing yourself.

Being non-compliant with the GDPR is, on the other hand, something you should sweat about: fines can reach €20 million or 4% of the annual global turnover of a company.

ePR & GDPR consent management is our niche expertise here at Cookiebot.

We take our responsibility of protecting privacy very close to heart, and our role as consent manager reflects this.

Cookiebot, a consent management software

There exists a vast range of consent management tools that offer to manage your website’s user consents.

However, make sure to do your research properly and take care to choose one that is fully compliant and meets all of the above requirements.

Many of the consent management tools available - even amongst those that claim to be fully compliant - are not.

Cookiebot is a consent manager and fully compliant software-as-a-service that helps you scan, know and control your website's cookies and other tracking. We offer granular consent and full transparency for yourself and for your users.

Once a month, Cookiebot scans all of the pages of your website, by directing a number of simulated users, that activate and detect all cookies and other known tracking technologies in use on all of the pages of your website.

The result of this audit is sent to you in a report, that can also be integrated on your website, for example as part of your privacy policy or cookie policy, thus ensuring that your information on the tracking activity is always up to date and accurate, as required by the GDPR.

Read about all of the functionality and features, on our Functions page on Cookiebot.com.

In doubt about what cookies are in use on your website?

Try our free test that scans up to five pages of your website and sends you a report on the cookies and online tracking in use on these pages and gives you an indication of whether your website is GDPR/ePR compliant.

See if you need a GDPR consent management solution for you website and if Cookiebot is the right consent manager for you.


Insideprivacy: ePrivacy Directive

i-scoop: GDPR and consent

Performancefoundry: WordPress cookie consent notification plugins review

New CCPA configuration 

Cookiebot offers CCPA compliance!



Make your website’s use of cookies and online tracking compliant today

Try for free