

The General Data Protection Regulation (GDPR) and ePrivacy Directive (ePR) affect how you as a website owner must obtain and store cookie consents from your visitors from the EU.


Try our free compliance test to check if your website’s use of cookies and online tracking is GDPR/ePR compliant.

Cookie consent and the GDPR is our area of expertise here at Cookiebot

Updated October 27, 2020.

Cookie consent is one of the cornerstones of the EU’s General Data Protection Regulation. It’s the way websites ensure lawful processing of personal data from their users.

But how exactly does it work and how can you make your website compliant with the GDPR’s cookie consent requirements?

Cookiebot is a world-leading consent management platform that offers full GDPR compliance.

Learn more about what cookie consent means, how you obtain it lawfully and how you can use Cookiebot’s GDPR cookie consent plugin on your website.

Why do I need cookie consent on my website?

Cookies on websites track users in different ways. Typically, the IP address of users will be collected, stored and shared, or sometimes merely the actions and behavior of users across websites.

Personal data is defined broadly in the EU’s GDPR as any information that relates to an individual either directly, indirectly or by reference to an identifier, such as an IP address.


GDPR sets out legal bases for the collection and processing of personal data. The very first one is consent.

That is why – if your website has any cookies other than those strictly necessary for its basic function – you must obtain the cookie consent of your users prior to any collection or processing.

Cookiebot's GDPR cookie consent solution

Cookiebot is the world’s leading consent management platform (CMP) with a scanner that detects and automatically controls all cookies and trackers on your website.

Cookiebot enables compliance for your website with major data privacy laws such as EU’s GDPR, California’s CCPA, Brazil’s LGPD and more.

Cookie consent from Cookiebot CMP.

Cookiebot's banner enables cookie consent on your website and full GDPR compliance.

Try Cookiebot free for 30 days – or forever if you have a small website.

Google Consent Mode and Cookiebot

Making your website GDPR compliant while optimizing your analytics data and ads revenues has become lightyears easier with Google Consent Mode and Cookiebot.

Google Consent Mode runs all your website’s favorite Google-services (such as Google Analytics and Google Ads) in one simple way: based on the consents of your end-users, managed automatically in full GDPR compliance by Cookiebot.

Cookiebot fully supports and integrates seamlessly with Google Consent Mode and makes your website GDPR compliant without breaking your analytics or marketing.

If users don’t consent to e.g. statistics or marketing cookies, Google Consent Mode and Cookiebot enable your website to still retain vital aggregate and non-identifying measurements and modeling data, as well as enabling you to display contextual ads rather than targeted ads – respecting user privacy while optimizing your website’s performance.

Google Consent Mode works perfectly with Cookiebot for a super simple compliance solution for your entire website and all of its Google-run analytics and marketing programs.


Scan your website to see what cookies and trackers are in operation

Cookiebot's GDPR cookie consent plugin for WordPress

Cookiebot also comes as a simple WordPress plugin for your website.

Once you have signed up with Cookiebot, simply install our GDPR cookie consent plugin on your WordPress site to ensure full compliance with the European data protection regulation.

Go to Cookiebot’s WordPress GDPR cookie consent plugin here.

Cookiebot also supports compliance with California’s CCPA (California Consumer Privacy Act).

Read more about CCPA compliance with Cookiebot here.

GDPR cookie consent examples

In the EU, cookie consent banners flooded the Internet in the wake of the ePrivacy Directive that was implemented in 2002 and therefore quickly came to be known as “the cookie law”.

Read more about the ePrivacy Directive here.

Since the enforcement of the GDPR on 25 May 2018, however, simple “accept cookies” banners no longer suffice.

And since the EDPB guidelines on valid consent from May 2020, websites must be aware that –

Learn more about EDPB guidelines.


A GDPR/ePR compliant consent banner from Cookiebot

This means that the old cookie consent popups that featured only an OK-button without details of cookie types, durations, purposes, and which third parties personal data is shared with, have effectively been made illegal in the EU.

An illegal, purely pro forma cookie consent popup.

GDPR and the EDPB guidelines on valid consent in the European Union have cemented the legal fact that websites must obtain specific, informed, clear and affirmative consent from users before any activation of cookies and collection or processing of personal data can take place.

Cookie consent in detailed cookie banner from Cookiebot CMP.

Cookiebot’s GDPR cookie consent solution that enables full compliance by offering users a real choice of informed, explicit consent.

With Cookiebot, users are informed of the purposes of the cookies up front, and must affirmatively opt in to all categories as part of their prior consent, before those cookies can be activated.

The cookies (which, as mentioned, can be numerous) are arranged in four comprehensible categories. Only strictly necessary cookies are allowed to be pre-ticked on a consent banner in the EU.

Users can also click to see a detailed overview of the cookies in use.

The overview simply folds out of the consent banner, mapping all active cookies and presenting them in an accessible manner.

At a glance, the user can now scroll through all of the cookies, see where they come from, read a description of their function and check their duration.

The user can then easily accept or reject the different types of cookies.

Sign up with Cookiebot today to ensure GDPR & CCPA compliance for your domain.

What is the GDPR all about?

The main purpose of the General Data Protection Regulation (GDPR) is to bring EU data protection legislation up to date with the digital age, protecting personal privacy and restoring the control over their own data to the users.

The latest law on protection of personal data dates back to 1995.

1995. That’s almost ten years prior to Facebook!

And long before cookies were used for anything and everything from customizing websites to fencing in customers in a sophisticated web of targeted marketing.

The GDPR sets out strict requirements on data handling procedures, transparency, documentation and user consent.

For a quick overview of the main themes of the GDPR, check out the EU Commission’s infographic on the subject, Data Protection: Better rules for small businesses.

Checklist of requirements for GDPR compliant cookie consents

Your GDPR cookie consent solution must enable user consents to be - 

What does the GDPR mean for my website in general?

For website owners, the two primary aspects to be aware of are: how you manage and store personal data, and the cookies and tracking in use on your website.

To meet the requirements, make sure to have a thorough and compliant setup for getting and securely storing the consents to the cookies on your website.

1. How you manage and store personal data in general:

The questions to ask yourself are: What personal data are you handling? Do you really need this data, or can you get by without it? Are you able to detect and properly delete personal data, if a user so requests? Is the data securely stored? Do you have proper procedures in place in case of a data breach?

2. The cookies and tracking in use on your website:

This goes for both first-party and third-party cookies in use on your website. All cookies that directly identify a person or can potentially be combined to identify a person may only be used once you have your user’s proper consent to it.

Nowadays, there can be up to hundreds of cookies and tracking technologies in use on websites, and more often than not, website owners themselves don’t even have the full picture of the tracking in use on their own website.

To meet the requirements, make sure to have a thorough and compliant setup for getting and securely storing the consents to the cookies on your website. Start by finding out what cookies are in action on your website, and whether the use is compliant.

All cookies that process personal data are subject to the GDPR.

In practice, this means most cookies, such as cookies for analytics, cookies for advertising and for functional services, for example survey and chat tools.

The GDPR also means you will have to revise your website’s cookie policy or privacy policy, so that they meet the requirements of accuracy and transparency.

What is personal data in the GDPR?

The GDPR covers both data that is directly personal, such as a name, a photo, an email address, bank details, IP address etc., and data that can be combined in a way that can single out and identify individual users.

If your website or organization processes such data, it must live up to the GDPR requirements.

Six lawful reasons to process data

It is worth knowing that consent is one of six lawful reasons to process personal data.

Therefore, before applying a setup for user consents, consider whether the processed personal data falls under one of the other categories for lawfulness.

I use Google Analytics, Mailchimp, social media buttons, Salesforce etc. Do I need a cookie consent?

All of the services and features mentioned above are examples of third parties on your website.

They deposit cookies on your users’ browsers as they visit your website.

You are responsible for protecting your website users and for giving them clear information and choice about how their data is being used, both by you and by third parties in use on your website.

It is therefore imperative that you have a proper and GDPR compliant cookie policy and cookie consent.



What is cookie consent?

Cookie consent is the term for when users give their consent to letting a website activate its cookies and trackers that process personal data. Cookie consent is a required legal basis under the GDPR for websites to have in order to be able to collect, process or share the personal data of individuals inside the EU.

Learn more about GDPR and cookie consent

What is the GDPR?

The General Data Protection Regulation (GDPR) is an EU data privacy law that governs all processing of personal data of individuals inside the EU. GDPR requires websites to ask for and obtain the prior and explicit consent from users before processing any personal data from them. Personal data includes names, addresses, ID numbers, information about appearance, health, genetics, location data, as well as online identifiers such as cookies, IP addresses, search and browser history.

Learn more about the GDPR

How does a cookie consent banner work?

A cookie consent banner works by presenting users with detailed information about the website’s cookie setup and enabling users to activate and deactivate cookies, thereby giving or not giving consent to which cookies they will allow to process their personal data.

Try Cookiebot’s consent management platform free for 30 days

How can my website become GDPR compliant?

Your website must inform users of all cookies and trackers, their provider, duration and purpose. Your website must also enable users to activate and deactivate cookies (except those strictly necessary for the basic function of your domain) as a means of giving their consent to the processing of their personal data.

Test for free to see your website’s compliance status



