DPDPA is now in force in India. Run a free privacy scan on your site. Scan now

๐Ÿ‡ช๐Ÿ‡บ European Union

GDPR

General Data Protection Regulation

In short
The EU's baseline privacy law. It requires a lawful basis for processing personal data, and for cookies and trackers that means freely given, specific, informed and unambiguous prior consent.
Region

European Union

Status

In force since 2018

Group

Europe & UK

Who must comply

Any organization that offers goods or services to people in the EU or monitors their behavior, wherever the organization is based.

Penalties

Up to โ‚ฌ20 million or 4% of global annual turnover, whichever is higher.

Key obligations

  • Obtain prior, opt-in consent before non-essential cookies
  • Make refusing as easy as accepting
  • Keep records that prove consent
  • Honor withdrawal at any time
  • Respect data subject rights (access, erasure, portability)

How ConsentX helps

Prior-script blocking for true opt-in

Equal-weight Allow and Reject controls

Tamper-evident consent receipts and evidence

One-click withdrawal trigger

Built-in DSAR workflow with 30-day SLA

Get GDPR ready with ConsentX

Get started free Book a demo

This page is a plain-English summary for general information and is not legal advice. Confirm your obligations with qualified local counsel.

How to comply with GDPR using ConsentX

  1. 1

    Scan your website

    Run a free scan to find every cookie and tracker on your site, so you know exactly what needs consent under GDPR.

  2. 2

    Show a geo-aware consent banner

    Add the ConsentX banner. It detects each visitor region and shows the consent experience that GDPR requires, automatically.

  3. 3

    Block trackers until consent

    Keep non-essential cookies and trackers blocked until the visitor agrees, so nothing fires before consent.

  4. 4

    Record tamper-evident proof

    Every choice is stored as a tamper-evident consent receipt you can produce in a GDPR audit.

  5. 5

    Handle data requests on time

    Use the built-in DSAR workflow with SLA timers to answer access, deletion and opt-out requests within the legal deadline.

Frequently asked questions

Do I need consent before setting cookies under GDPR?+

Yes. Non-essential cookies and trackers need freely given, specific, informed prior consent before they run.

Is an Accept-only cookie banner GDPR compliant?+

No. Refusing must be as easy as accepting, and non-essential categories must not be pre-selected.

How do I prove consent in a GDPR audit?+

ConsentX stores a tamper-evident receipt with the policy version and hash for each consent, exportable on demand.

Countries under GDPR

๐Ÿ‡ฉ๐Ÿ‡ช Deutschland๐Ÿ‡ซ๐Ÿ‡ท France๐Ÿ‡ช๐Ÿ‡ธ Espaรฑa๐Ÿ‡ฎ๐Ÿ‡น Italia๐Ÿ‡ณ๐Ÿ‡ฑ Nederland๐Ÿ‡ง๐Ÿ‡ช Belgiรซ / Belgique๐Ÿ‡ต๐Ÿ‡ฑ Polska๐Ÿ‡ต๐Ÿ‡น Portugal๐Ÿ‡ธ๐Ÿ‡ช Sverige๐Ÿ‡ฆ๐Ÿ‡น ร–sterreich๐Ÿ‡ฎ๐Ÿ‡ช ร‰ire / Ireland๐Ÿ‡ฉ๐Ÿ‡ฐ Danmark๐Ÿ‡ซ๐Ÿ‡ฎ Suomi๐Ÿ‡ฌ๐Ÿ‡ท ฮ•ฮปฮปฮฌฮดฮฑ๐Ÿ‡จ๐Ÿ‡ฟ ฤŒesko๐Ÿ‡ท๐Ÿ‡ด Romรขnia๐Ÿ‡ญ๐Ÿ‡บ Magyarorszรกg๐Ÿ‡ง๐Ÿ‡ฌ ะ‘ัŠะปะณะฐั€ะธั๐Ÿ‡ญ๐Ÿ‡ท Hrvatska๐Ÿ‡ธ๐Ÿ‡ฐ Slovensko๐Ÿ‡ธ๐Ÿ‡ฎ Slovenija๐Ÿ‡ฑ๐Ÿ‡น Lietuva๐Ÿ‡ฑ๐Ÿ‡ป Latvija๐Ÿ‡ช๐Ÿ‡ช Eesti๐Ÿ‡ฑ๐Ÿ‡บ Lรซtzebuerg๐Ÿ‡จ๐Ÿ‡พ ฮšฯฯ€ฯฮฟฯ‚ / Kฤฑbrฤฑs๐Ÿ‡ฒ๐Ÿ‡น Malta๐Ÿ‡ณ๐Ÿ‡ด Norge๐Ÿ‡ฎ๐Ÿ‡ธ รsland๐Ÿ‡ฑ๐Ÿ‡ฎ Liechtenstein

Other regulations

๐Ÿ‡ฌ๐Ÿ‡ง UK GDPR๐Ÿ‡บ๐Ÿ‡ธ CCPA / CPRA๐Ÿ‡บ๐Ÿ‡ธ VCDPA๐Ÿ‡บ๐Ÿ‡ธ Colorado CPA๐Ÿ‡บ๐Ÿ‡ธ CTDPA๐Ÿ‡บ๐Ÿ‡ธ UCPA๐Ÿ‡บ๐Ÿ‡ธ TDPSA๐Ÿ‡บ๐Ÿ‡ธ Oregon OCPA๐Ÿ‡บ๐Ÿ‡ธ Montana MCDPA๐Ÿ‡บ๐Ÿ‡ธ Florida FDBR๐Ÿ‡ง๐Ÿ‡ท LGPD๐Ÿ‡จ๐Ÿ‡ฆ PIPEDA๐Ÿ‡ฎ๐Ÿ‡ณ DPDPA๐ŸŒ PDPA๐Ÿ‡ฟ๐Ÿ‡ฆ POPIA๐Ÿ‡จ๐Ÿ‡ญ FADP๐Ÿ‡จ๐Ÿ‡ฆ Law 25๐Ÿ‡ฒ๐Ÿ‡ฝ LFPDPPP๐Ÿ‡ฆ๐Ÿ‡ท PDPL๐Ÿ‡จ๐Ÿ‡ฑ Law 21.719๐Ÿ‡จ๐Ÿ‡ด Law 1581๐Ÿ‡ต๐Ÿ‡ช Law 29733๐Ÿ‡บ๐Ÿ‡พ Law 18.331๐Ÿ‡ช๐Ÿ‡จ LOPDP