Set GDPR cookies correctly

GDPR

General Data Protection Regulation

To help you with things like GDPR, CMP and consent, we’ve rounded up the most common questions here.

• Please note that we cannot provide legal advice. Some points of this FAQ may also change over time or be interpreted differently by courts. That’s why you should always consult your lawyer!

• What is GDPR?

  GDPR stands for General Data Protection Regulation, in English it is referred to as GDPR or General Data Protection Regulation. This is a regulation of the European Union that regulates how private companies must handle personal data. The regulation came into force on April 27, 2016 and has been mandatory since May 25, 2018. Thus standards for data protection are standardized and binding throughout the EU . The GDPR text is quite general and should be implemented in concrete national law. The so-called ePrivacy regulation is intended for this.

• What is the ePrivacy Regulation?

  The ePrivacy Regulation regulates the handling of personal data, particularly in electronic communication (Internet, e-mail, …). The regulation should not be confused with the ePrivacy Directive (“Cookie Directive”), which came into force before the GDPR and restricts the use of cookies. As the GDPR text deals with data protection in general, member states will need deeper laws or regulations to cover the specific cases and areas of application. In particular, data protection on the Internet plays an important role because large amounts of information and personal data are collected and processed here. At the same time, data processing is largely non-transparent for the user because it takes place in the background. The combination of GDPR and ePrivacy Regulation places a high priority on how you deal with cookies .

The history of the GDPR

On the safe side

What is personal data according to the GDPR text?

Personal data require special protection. In particular, unless performance of a contract or legitimate interests make this necessary, the user must explicitly give their consent before their data can be processed, stored or passed on.

• GDPR cookies opt-in and opt-out

  This consent is referred to as an opt-in . You know the procedure from newsletters, for example: You have to actively register and even confirm the e-mail address (double opt-in). Businesses are not allowed to send you unsolicited advertising.

  For example, some privacy laws, such as the California Consumer Privacy Act (CCPA) in California, provide for an opt-out, which means that users can refuse cookies. In this case, the cookies are set by default; the visitor can deselect them.

• Special rights of data subjects

  • Information obligation of the person responsible: You must inform the visitor comprehensively and completely about the processing of the data. This also includes the purposes/goals/intentions and other recipients such as third-party providers. You must also inform the user of their rights in the GDPR cookie notice
  • Right to information : At the request of the person concerned, you must provide complete information as to whether and which data you have stored or passed on, for what purpose, etc.
  • Right to rectification : if the user consents to the processing of the data, you must correct or update it if requested.
  • Right to deletion (“to be forgotten”): The user can revoke his consent as well as order immediate deletion.
  • Right to restriction of processing: The data subject may request that you limit the use of the data collected, even if the previous consent provided for broader processing.

Article 9 GDPR

Processing of special categories

The more detailed information that is available about a target audience, the more interesting the processing of personal data becomes for advertisers. The GDPR explicitly protects certain personal information even more.

Data processing limitations

• The processing of the following data is therefore expressly prohibited under Article 9 GDPR:
  • Ethnic Origin
  • Political Opinions/Union
  • belief/religion
  • Genetic/biometric data
  • health data
  • sexual orientation

• Exceptions in Article 9 GDPR

  Exceptions are defined in Art. 9 Para. 2 GDPR:
  

  • The data subject expressly consents to the processing for the specified purposes. The processing is necessary in order for the data subject to exercise his or her rights and fulfil his or her obligations.
  • Vital Interests
  • Processing by a non-profit organisation in the course of its legitimate activities or membership. If the data subject is a member of a political party, for example, it may process the information about party affiliation internally
  • The data subject has made the data public
  • In judicial aspects
  • Significant public interest
  • health care and occupational medicine
  • Public Health Care / Emergency Response
  • Archival work, scientific, historical research and limited for statistics

What do GDPR cookies mean for my website?

If you are a publisher, publisher, network, SSP, agency or advertiser, you will most likely need to obtain user consent in the future. To do this you need a consent management provider like consentmanager.

• Cookie banner GDPR

  A cookie banner informs the visitor about the cookies set and how they work . Cookies that are required for the website to function must (logically) be accepted. The GDPR cookie notice must not contain any pre-set ticks. The legislator does not prescribe what the GDPR cookie banner should look like. Therefore, use the leeway and freedom to design the cookie notice in the best possible way . With the right know-how you are legally compliant and customer-friendly at the same time!

• Set GDPR cookies with consentmanager

  With our Consent Management Provider you have a full overview of the GDPR cookies you use. With ready-made designs and texts in over 30 languages, you can get started immediately and are always GDPR-compliant with certainty. The integrated cookie crawler checks your website for new providers on a daily basis and automatically blocks all cookies without your consent (consent). Our tool can be integrated into any common system and is compatible with practically all applications. You can adapt the GDPR cookie banner to your design and wording and make further settings, e.g. with regard to the buttons. The system uses A/B testing to determine which settings work best, ie have the best acceptance rate among visitors.

• Data protection made easy

  If users make use of their rights, they must act immediately. You must provide complete information , restrict the data or delete it completely. This presents you with the challenge of being able to determine all this information, process it and change it accordingly. It’s very easy with our consentmanager. It not only gives you valuable working time , but also ensures legal certainty and fast processing of user inquiries. Your professional reaction and exemplary handling of sensitive data will increase your customers’ satisfaction. This in turn increases trust in your company (in your products, services, etc.).

Packages

Liability and Penalties

• According to Art. 82 para. 2 GDPR , each person responsible for processing is liable for damage. Since the visitor to your website gives their consent (consent) to the processing of personal data, you are responsible for GDPR-compliant consent management.

• According to Art. 83 para. 1 GDPR must be effective, proportionate and (explicitly!) deterrent in each individual case. The amount of the sanctions depends on the type and severity of the offense against the GDPR cookies. The legislator attaches considerable importance to data protection. Your customers see it the same way. GDPR compliance is therefore in your best interest for both financial and reputational reasons.

• Example: In the event of violations of consent (such as Article 9 GDPR) or the rights of those affected, there is a risk of a fine of up to EUR 20 million or 4% of global annual turnover ; the higher amount counts.

• Our basic package from consentmanager is free and available in the standard package from 50 euros per month.

Ensure compliance of your website with the new Data Protection Act (TTDSG) now

• Test the consentmanager and offer your visitors tangible added value that will create trust. In recent months there have been reports of data leaks and insufficient privacy protection. With a professional query from the consentmanager, you show your visitors that you take this topic very seriously.
• What’s more: you put all decisions transparently in the hands of your potential customers right from the start. This will have a positive effect on the image and the seriousness of your website . Not only do they ensure compliance with data protection law, but they actively invest in visitor satisfaction. Rankings and conversion can be optimized by reducing the bounce rate and increasing the length of stay.
• You can see here that consentmanager can not only pay off for you on the important level of data protection. The new data law has been strategically important since the decision was taken at the latest. With consentmanager you can implement a holistic solution from which you as a website operator will benefit on many levels. You can take the first steps right now.