Need to learn more about the GDPR?

Our free website audit shows you if your website is GDPR-compliant.

    Trying to understand privacy regulations? Need to balance cookie usage on your website with GDPR compliance? We can help.

    Achieve GDPR compliance easily

    Cookie compliance requires that users be informed and have consent choices for their data. Cookiebot CMP enables this with three powerful and automatic core functions.

    • Monitoring: stay up to date on the cookies and tracking technologies your website uses, enabling user notification and consent
    • Control: When required, prevent cookies from being used unless user consent has been obtained
    • Consent: Obtain and store informed, granular consent from users to be compliant with laws like the GDPR

    GDPR compliance FAQ

    Does the GDPR apply to my company?

    The GDPR is “extraterritorial”, which means that the law protects residents of the European Union. If your company does business with residents of its member countries (e.g. providing products or services) and/or if your website collects data from those residents, then this data privacy law applies to you. It does not matter if your company is based in the EU or not.

    Is the EU’s GDPR different from the UK GDPR?

    The EU’s GDPR does not differ much at all from the UK GDPR, since the UK adopted a version of the GDPR with few changes. After the UK left the European Union in 2020 (Brexit), the EU’s GDPR no longer regulated UK data privacy, because the UK was no longer a member state. The UK GDPR took effect January 30, 2020, along with an amended version of the Data Protection Act 2018 and the Privacy and Electronic Communications Regulations (PECR).

    Like the EU’s GDPR, the UK GDPR also:

    • provides UK residents with a set of rights regarding their personal data and data privacy
    • requires obtaining valid consent from users, e.g. for cookie and tracker use on your website prior to collecting or processing personal data
    • requires secure storage and documentation of consent
    • requires users to be able to change or revoke their consent as easily as to give it

    Both regulations use an “opt in” model for consent, which means that in most cases user consent must be obtained before data can be collected or processed. Companies must also have a legal basis for data processing, like user consent, or other options like fulfilling a contract.

    Under the EU’s GDPR, each member country has its own Data Protection Authority (DPA) that handles enforcement. The enforcement authority for the UK GDPR is the Information Commissioner, representing the Information Commissioner’s Office (ICO), so there is one centralized authority. Like the EU’s GDPR, the UK GDPR does not provide consumers with a private right of action, which is the ability to sue for data breaches or other violations.

    Three areas that the UK GDPR covers that the EU’s GDPR does not are:

    • national security
    • intelligence services
    • immigration

    How do I make my website GDPR-compliant?

    We cannot provide legal advice or guarantee data privacy compliance under any regulation, and recommend consulting qualified legal counsel regarding your specific business and privacy compliance needs.

    However, the GDPR provides clear guidelines and best practices. Companies must have a legal basis for processing personal data. User consent is a common legal basis, but there are others, like fulfilling a contract or public interest. The safest legal basis for many types and purposes of data processing is obtaining and securely managing user consent, as with a consent management solution.

    When using consent as a legal basis, companies must obtain user consent before collecting and processing their personal data in many cases. To be valid, consent must be freely given, specific, informed and unambiguous. Users must be able to understand at a granular level what data usage they are consenting to, and websites cannot use tricks to encourage consent.

    Companies must always provide clear information, like on a Privacy Policy page, that tells users what data is collected, for what purposes, and how it may be shared, sold, or used. Users must also be told their data privacy rights under the law and advised on how to exercise those rights.

    Installing a Consent Management Platform (CMP) like Cookiebot CMP is easy and setup is user-friendly. It enables companies to provide data privacy information and obtain and store valid consent from users. The CMP will also scan websites to determine what cookies and tracking technologies are in use, and block their usage until user consent for them is obtained, thus helping with privacy compliance.

    With Geolocation features, the CMP can customize messaging and functions based on where the user is located, to enable specific compliance with GDPR, for example. Thanks to automated consent management, the CMP will also stay up to date with the legal landscape and technology to help maintain compliance.

    Do you have more questions?

    Learn how easy it is to get your website privacy-compliant

    If you want to get your website compliant with the GDPR, Cookiebot CMP is easy to set up, user-friendly to customize and uses powerful scanning technology to help you achieve and maintain privacy compliance for cookie use with regulations like the GDPR. Best of all, you can get started for free. Here’s how.

    Automated cookie scanning and declaration

    1. Scan your website

    Just enter your website address for a free scan that will detect the cookies and other tracking technologies that you are using and let you know if they are being deployed in a compliant way.

    2. Start your free trial

    Sign up for your 14-day free trial. It’s fast and easy: only 3 simple steps that don’t need IT or Legal resources. Get the peace of mind of state-of-the-art consent management with automated monitoring and blocking of cookies.

    3. Customize your CMP

    Customize the appearance and messaging of the CMP for relevant regulations and your company’s branding with user-friendly tools. Provide clear messaging and consent options to build trust and improve consent rates.

    The most used solution for compliant use of cookies and online tracking

    • Used on 2 million websites and apps
    • Manages 6.2 billion monthly user consents
    • Supports 47+ different languages

    Frequently asked questions

    What are consumers’ rights under the GDPR?

    Under the GDPR consumers have the following rights:

    • Right to access – to see or obtain their personal data that has been collected
    • Right to rectification – to have incomplete or incorrect data about them corrected
    • Right to erasure – to request deletion of their personal data (also referred to as the “right to be forgotten”)
    • Right to restriction of processing – limiting what personal data about them can be processed and for what purposes
    • Right to object (to processing) – to opt out of having their data processed at all
    • Right to be notified – regarding rectification, erasure, or restriction of processing
    • Right to data portability – to receive a copy of their data in a reasonably usable format to be taken elsewhere
    • Right regarding automated individual decision-making, including profiling – to opt out of the use of technologies to make decisions regarding the user

    What are the penalties for not complying with the GDPR?

    Enforcement of the GDPR is handled by a Data Protection Authority (DPA) in each EU member country.

    Fines under the GDPR can be up to 4% of a company’s global annual turnover or €20 million, whichever is higher. The size of fines is generally determined by the nature, severity and duration of the violation.

    The GDPR does not provide private right of action, so consumers cannot sue companies that violate data privacy. Additional penalties can include being required to amend or cease data processing. This can lead to a limit on or loss of data and revenue. Data privacy violations can also have a significant negative effect on users’ trust and a company’s reputation.

    What are legal bases?

    Under the GDPR, legal bases or the “lawfulness of processing” are legally acceptable reasons for companies or other organizations to collect and process personal data.

    User consent is one legal basis, though the GDPR lists six in total. A “data subject” is a person whose personal data is processed, e.g. ecommerce customers, website visitors, app users, etc.

    • the data subject (e.g. user) has given consent
    • to fulfill a contract with the data subject
    • to comply with a legal obligation to which the data controller (e.g. company) is subject
    • to protect the vital interests of the data subject or of another natural person
    • in the public interest, or where the data controller is exercising official authority
    • legitimate interests pursued by the data controller or a third party, e.g. for individual, commercial or societal benefit

    Legitimate interest is often used to justify data processing, but can be difficult to prove adequately. The safest legal basis for many types and purposes of data processing is obtaining and securely managing user consent, as with a consent management solution.

    What is considered “personal data”?

    Generally, personal data can refer to any information that relates to an individual that would enable that person to be directly or indirectly identified. It could mean obvious data like names, ID numbers, or email addresses, or less obvious data that may not be identifiable except when combined with other data, like IP addresses or browser cookie information.

    There is also an additional category of “sensitive” personal data, which is information that is identifying, but could also cause harm if misused. This can include data like gender, religious beliefs, political affiliation, or medical information. Some technical information like biometric or geolocation data can also qualify if the intent is to use it to identify a person.

    Do I have to obtain consent for all data collection?

    We cannot provide legal advice, and recommend consulting qualified legal counsel regarding your specific business and data processing situation.

    Overall, it is important to know what regulations you need to comply with. Your responsibilities may differ under the UK GDPR compared to the EU’s GDPR or the privacy laws in the United States, for example.

    However, in addition to legal requirements, being transparent with users about data collection and use, as well as requesting and respecting their consent choices creates great user experiences, which build trust with your company and help develop higher engagement and longer-term relationships.

    What if I have to comply with other regulations as well?

    For companies doing business in multiple regions or countries, it is entirely possible that you may need to comply with multiple regulations. Achieving GDPR compliance often significantly assists companies in achieving compliance with other laws due to its scope and specificity. However, achieving compliance with the state-level laws in the United States, for example, could be quite different due to their specific requirements and the “opt out” model for consent. We cannot provide legal advice and recommend consulting qualified legal counsel regarding your specific business and data processing situation.

    A consent management solution like the Cookiebot CMP can enable you to present different options to users in different countries, using geolocation functions. This can enable you to supply the correct privacy information and obtain consent correctly to comply with different regulations.

    How do I make sure I don’t get fined?

    We cannot provide legal advice or guarantee privacy compliance with any regulation, and recommend consulting qualified legal counsel regarding your specific business and data processing situation. However, it is important to know which regulations you need to comply with and what their requirements are regarding consumer rights, notification, consent, and data use. It is also important to know what cookies and other tracking technologies are in use on your website, to ensure correct consent can be obtained.

    Ensuring that users are clearly informed about their consent choices is important, as is presenting all choices equally. Dark patterns and other elements to nudge or trick users into consenting should not be used.

    Additionally, ensure that only as much data as is necessary is collected and processed only for the purposes communicated. Ensure data is kept accurate and only stored for as long as it is needed to fulfill the processing purpose. Maintain the required standards of security and privacy, and ensure processes are in place to uphold accountability.

    A consent management platform (CMP) can help you not only obtain and store consent correctly, but can also help you ensure that you provide and maintain accurate and up to date information about data processing services in use (e.g. cookies).

    Will I lose a lot of data if I use a CMP?

    That doesn’t have to happen, though we cannot make guarantees on the performance of individual CMP implementations. There are many ways to optimize your consent management platform (CMP) to increase consent rates and data flow. Having a great user interface that matches your corporate branding, has clear messaging and user-friendly functionality is important. Making it easy for users to understand your data processing and make consent choices is also very valuable.

    The Cookiebot CMP also has tools like analytics to help you analyze the CMP’s performance and optimize it to maximize data capture. It should also be noted that many premium advertisers are increasingly insisting on proof of consent before doing business with companies, so not obtaining correct consent can affect ad revenues.

    What features are not included in the free plan?

    The Free plan does not include the following Premium plan standard features:

    • customize banner
    • customize declaration
    • multiple languages
    • data export
    • geolocation
    • Cross-domain Consent Sharing
    • consent statistics
    • internal domain alias for development, test and staging

    Check out our Plans & Pricing page to get more information or do a full comparison.

    Do I have to sign a contract?

    We don’t have any contracts for Cookiebot CMP and there are no hidden fees or long-term commitments. You can cancel your subscription at any time.

    How much do your plans cost after the free trial?

    It depends on your business needs and the number of domains and subpages you have.

    Check out our Plans & Pricing page to get more information for your company’s specific needs.

    Can I cancel my free trial?

    Yes, at any time you can cancel your free trial or your plan if you previously signed up. You can do this via your “My account” page. Downgrade or cancel actions take effect at the end of your current billing period.
