Consent solution for data protection officers
All-in-one solution for GDPR, CCPA, LGPD, PIPEDA and more
As a data protection officer, it is your duty to ensure that your company’s website complies with the latest legislation. consentmanager can help you with this easily: just install it on your website and we will automatically ask visitors for consent and block 3rd party code & cookies if consent is not given.
We have already helped more than 25,000 websites comply with GDPR, TDDDG & ePrivacy
Our clients include some of the biggest websites and best known brands in the world.
… and many more.
Top tool for top DPOs
The 10 most important reasons why your website is not (yet) GDPR compliant
We’ve analyzed more than 100,000 websites and we always find the same errors when it comes to GDPR compliance. More than 70% of websites are not GDPR compliant . Also, most websites that use a “cookie banner” are not GDPR compliant. Here are the top 10 reasons why we see every day why your website is not GDPR compliant:
#10 – No data controller named
A cookie banner is only valid if the visitor can know who the controller is (the “owner” of the data, so to speak) before the visitor gives their consent. If your cookie banner doesn’t explicitly list your company as a data controller – then your website isn’t GDPR compliant!
#9 – No access to imprint & privacy policy
While the consent level should be displayed on every page (document), it is important that you DO NOT display it on your Terms of Service page, Legal Notice / Legal Notice or Privacy Notice page. These pages must be accessible without interacting with the consent banner.
#8 – Wrong welcome text
We’ve seen them so many times: single-line cookie texts with little information. What your marketing team may be dreaming of – it just isn’t enough to be GDPR compliant. The welcome text should at least tell the visitor a) that data processing takes place, b) that third parties are involved, c) for which purposes the processing takes place and what type of data is processed.
#7 – Wrong headline
Because the consent level asks the visitor for permission to process personal data, it’s important that the headline reflects this to your visitors. A headline like “We set cookies” is seen so often but is non-compliant. A better heading would be “Consent to data processing & cookies”.
#6 – No opt-out option
Also seen very often: A consent level without the possibility of rejection. A visitor must be able to say “No, I do not want cookies and I do not want my personal data to be processed” – if your cookie banner does not offer this – then your website is not compliant. (Extra: “But a visitor might just leave the site instead of accepting.” Yes, but your website is still non-compliant as leaving is not a valid choice under GDPR!)
#5 – Cookie details are missing
This is very simple and logical, but so often so wrong: if I ask my visitors for their consent, they should know what they consent to. Therefore, a cookie banner must be able to recognize why types of cookies are set, by which providers and how long they are stored. Without this information: Not compliant.
#4 – Incorrect button configuration
This topic has only increased in recent months with the addition of new guidelines from data protection authorities such as the CNIL or ICO: to be GDPR compliant, a consent layer must have two buttons with the same design for Accept and Decline (may use a third “Settings” button or link). It is not allowed to have only one “Accept” and “Customize” button.
#3 – Vendor details are missing
We see it even with the most expensive GDPR tools: When designing your consent layer, you MUST identify all vendors that process personal data or set cookies on your website. This must include name, address, legal basis, purpose and more. If your cookie banner does not contain this information, you are not compliant!
#2 – No consent layer
Even though the GDPR is now more than 3 years old, there are still many websites that still don’t have a consent layer to inform their visitors and ask for consent for tracking, marketing and other things that require consent. Our latest study found that more than 40% of European websites still have no consent level or are still using a very old single-line “We set cookies” field that is non-compliant.
#1 – Tracking without/before consent
This is definitely and by far the main reason why most websites are not GDPR compliant: they set cookies or process personal data without consent. This is mind-boggling, especially since it’s so easy to spot with tools like our crawler and so easy to prevent with tools like auto-blocking.