GDPR compliance with ConsentX
General Data Protection Regulation
European Union
In force since 2018
Europe & UK
Who it applies to
Any organization that offers goods or services to people in the EU or monitors their behavior, wherever the organization is based.
Penalties
Up to โฌ20 million or 4% of global annual turnover, whichever is higher.
Key obligations
- Obtain prior, opt-in consent before non-essential cookies
- Make refusing as easy as accepting
- Keep records that prove consent
- Honor withdrawal at any time
- Respect data subject rights (access, erasure, portability)
How ConsentX helps
Prior-script blocking for true opt-in
Equal-weight Allow and Reject controls
Tamper-evident consent receipts and evidence
One-click withdrawal trigger
Built-in DSAR workflow with 30-day SLA
Get GDPR ready with ConsentX
Start free, or book a walkthrough with our team.
This page is a plain-English summary for general information and is not legal advice. Confirm your obligations with qualified counsel.
Frequently asked questions
What is GDPR?+
The GDPR is the European Union's data-protection law, requiring a lawful basis (often consent) to process personal data, with fines up to โฌ20 million or 4% of global turnover.
Do I need consent before setting cookies under GDPR?+
Yes. Non-essential cookies and trackers need freely given, specific, informed prior consent before they run.
Is an Accept-only cookie banner GDPR compliant?+
No. Refusing must be as easy as accepting, and non-essential categories must not be pre-selected.
How do I prove consent in a GDPR audit?+
ConsentX stores a tamper-evident receipt with the policy version and hash for each consent, exportable on demand.