Consent Solution for DPOs

All-in-one-Solution for GDPR, CCPA, LGPD, PIPEDA and more

As a Data Protection Officer it is your duty to ensure that your company’s website is compliant with all the latest legislations. consentmanager can easily help you with this: Simply install it on your website and we will automatically ask visitors for consent and block 3rd Party Codes & Cookies if no consent is given.

Try now for free!

We already helped more than 15,000 websites becoming GDPR- & CCPA-compliant …

Our clients include some of the largest websites and well-known brands in the world.

… and many more.

Top-10 Reasons why your website is not (yet) GDPR compliant

We’ve analyzed more than 100,000 websites and always find the same errors when it comes to GDPR-compliance. More than 70% of the websites are not GDPR-compliant. Even most websites that use a “Cookie banner” are not GDPR-compliant. Here are the Top 10 reasons we see every day why your website is not GDPR compliant:

#10 – No data controller named

A Cookie Banner is only valid if the visitor can know who the controller is (so to say the “owner” of the data) before the visitor gives consent. If your Cookie Banner does not explicitly list your company as a controller – then your website is not GDPR compliant!

#9 – No access to imprint & privacy notice

While the consent layer should be displayed on every page (document), it is essential, that you do NOT display it on your terms & conditions page, imprint / legal notice or your privacy notice page. These pages must be accessible without interacting with the consent banner.

#8 – Incorrect welcome text

We’ve seen them so often: One-liner cookie texts with low amount of information. What might be the dream of your marketing team – it is simply not sufficient for GDPR-compliance. The welcome text should at least tell the visitor a) that there is data processing, b) that there are third parties involved, c) for which purposes the processing happens and what kind of data will be processed.

#7 – Incorrect headline

Since the consent layer is asking the visitor for permission to process personal data – it is essential that the headline reflects this to your visitors. A headline like “We set cookies” is seen so many times but is not compliant. A better headline would be “Consent for Data processing & Cookies”.

#6 – No possibility to reject

Also very often seen: A consent layer without the possibility to reject. A visitor must have a possibility to say “No, I don’t want Cookies and I don’t want my personal data processed” – if your Cookie Banner does not offer this – then your website is not compliant. (Extra: “But, a visitor could simply leave the website instead of accepting”. Yes, but your website is still not compliant because leaving is not a valid choice under GDPR!)

#5 – Cookie details missing

This is a very simple and logic one, but so often so wrong: If I’m asking my visitors for consent, they should know to what they consent. Hence a Cookie Banner must be able to tell why types of cookies are set, by which vendors and how long they are stored. Without this information: Not compliant.

#4 – Incorrect button setup

This topic was just increasing the last months as new guidelines from Data Protection Authorities like the CNIL or ICO came in: In order to be GDPR-compliant, a Consent Layer must have two buttons of same design for Accept and Reject (can use a third “Settings” button or link). It is not valid to have an Accept and a “Customize” button only.

#3 – Vendor details missing

We see it even with the most expensive GDPR tools: If you design your consent layer, you MUST name all the vendors that process personal data or set cookies on your website. This must include their names, address, legal basis, purpose and more. If your Cookie Banner doesn’t include this information – you are not compliant!

#2 – No Consent Layer

Although GDPR is now more than 3 years old, still there are many websites who do not yet have a consent layer to inform their visitors and ask for consent for tracking, marketing and other things that require consent. Our last study found, that more than 40% of the European websites still don’t have a consent layer or are still using a very old one-line “we set cookies” box that is not compliant.

#1 – Tracking without/before consent

This is definitely and by far the top reason why most websites are not GDPR-compliant: They are setting Cookies or processing personal data without consent. This is mind-blowing, especially since it is so easy to spot with tools like our crawler and so easy to prevent with tools like Auto-Blocking.

Is your website compliant? Get our Checklist!

Download Checklist

Recommended by Lawyers and Data Protection Officers …

ConsentManager also works with …


Not sure if you need a CMP?

If you are unsure if your company needs a CMP or not, please get in touch with us – we will help you find the right solution for your company!

Get In Touch