🇪🇺 European Union

GDPR compliance with ConsentX

General Data Protection Regulation

In short

The EU's baseline privacy law. It requires a lawful basis for processing personal data, and for cookies and trackers that means freely given, specific, informed and unambiguous prior consent.

Region

European Union

Status

In force since 2018

Group

Europe & UK

Who it applies to

Any organization that offers goods or services to people in the EU or monitors their behavior, wherever the organization is based.

Penalties

Up to €20 million or 4% of global annual turnover, whichever is higher.

Key obligations

Obtain prior, opt-in consent before non-essential cookies
Make refusing as easy as accepting
Keep records that prove consent
Honor withdrawal at any time
Respect data subject rights (access, erasure, portability)

How ConsentX helps

Prior-script blocking for true opt-in

Equal-weight Allow and Reject controls

Tamper-evident consent receipts and evidence

One-click withdrawal trigger

Built-in DSAR workflow with 30-day SLA

Get GDPR ready with ConsentX

Start free, or book a walkthrough with our team.

Get started free Book a demo

This page is a plain-English summary for general information and is not legal advice. Confirm your obligations with qualified counsel.

Frequently asked questions

Do I need consent before setting cookies under GDPR?+

Yes. Non-essential cookies and trackers need freely given, specific, informed prior consent before they run.

Is an Accept-only cookie banner GDPR compliant?+

No. Refusing must be as easy as accepting, and non-essential categories must not be pre-selected.

How do I prove consent in a GDPR audit?+

ConsentX stores a tamper-evident receipt with the policy version and hash for each consent, exportable on demand.

Other frameworks

🇬🇧 UK GDPR 🇺🇸 CCPA / CPRA 🇺🇸 VCDPA 🇺🇸 Colorado CPA 🇺🇸 CTDPA 🇺🇸 UCPA 🇺🇸 TDPSA 🇺🇸 Oregon OCPA 🇺🇸 Montana MCDPA 🇺🇸 Florida FDBR 🇧🇷 LGPD 🇨🇦 PIPEDA 🇮🇳 DPDPA 🌏 PDPA 🇿🇦 POPIA