Ready for the new Google Consent Mode v2? Learn more »

GDPR cookies set correctly

Since May 25, 2018, the General Data Protection Regulation (GDPR) has been in force in all EU member states. Because the GDPR puts a particular focus on cookies and brings important new regulations into force for website operators, we have compiled an overview of the most important information for you.

Rechtskonforme Cookie-Banner- und Consentlösung


General Data Protection Regulation

To help you with things like GDPR, CMP and consent, we have compiled the most frequently asked questions here.

  • What is the GDPR?

    DSGVO stands for General Data Protection Regulation, in English it is called GDPR. This is a regulation of the European Union that regulates how private companies must handle personal data. The regulation came into force on April 27, 2016 and has been mandatory since May 25, 2018. This will standardise and make data protection standards binding across the EU . The GDPR text is quite general and is intended to be implemented into concrete national law. The so-called ePrivacy Regulation is intended for this purpose.

  • What is the ePrivacy Regulation?

    The ePrivacy Regulation is intended to regulate the handling of personal data in the future, particularly in electronic communication (Internet, e-mail, etc.). It should not be confused with the ePrivacy Directive (“Cookie Directive”), which came into force before the GDPR and restricts the use of cookies. Since the GDPR deals with data protection in general, member states need more specific laws and regulations for concrete use cases. Data protection on the Internet plays a particularly important role, as a lot of personal data is collected and processed here, often in a way that is not transparent to the user. The ePrivacy Regulation, which is not expected to come into force until 2025 at the earliest, will introduce stricter rules for cookies and tracking technologies. The combination of GDPR and ePrivacy Regulation makes the handling of cookies and other tracking technologies even more important.

Who has to comply with GDPR cookies?

With regard to online advertising, GDPR cookies play a role when

  • the publisher is based in the EU
  • the advertiser is based in the EU
  • the mediators/networks/brokers/… is/are based in the EU
  • the visitor to the website / recipient of the advertising is based in the EU
  • a third party involved (e.g. ad server provider) is based in the EU

This means that the GDPR also applies to companies that are not based in the EU but deliver advertising to EU citizens .

Consent-Lösungen für Agenturen

On the safe side

What are personal data according to the GDPR text?

Personal data require special protection. The term refers to any information relating to an identifiable individual. In particular, the user must explicitly give his consent before his data may be processed, stored or passed on.

  • GDPR Cookies Opt-in and Opt-out

    This consent is called opt-in . You know the procedure from newsletters, for example: You have to actively register and even confirm the e-mail address (double opt-in). Companies are not allowed to send you unsolicited advertising.

    For example, some data protection laws such as California’s CPRA (California Privacy Rights Act), which replaces the former CCPA (California Consumer Privacy Act), provide for an opt-out. In this case, cookies are set by default. The CPRA expands consumer rights and introduces stricter data protection requirements to further improve the protection of personal information.

  • Special rights of data subjects

    • Information obligation of the person responsible: You must inform the visitor comprehensively and completely about the processing of the data. This also includes the purposes/goals/intentions and other recipients such as third-party providers. Furthermore, you must inform the user about his rights in the GDPR Cookie Notice
    • Right to information : At the request of the person concerned, you must provide complete information as to whether and which data you have stored or passed on, for what purpose, etc.
    • Right to rectification : If the user gives his consent to the processing of the data, you must correct or update it upon request.
    • Right to deletion (“to be forgotten”): The user can revoke his consent as well as order immediate deletion.
    • Right to restriction of processing: The data subject can request that you restrict the use of the data collected, even if the previous consent provided for broader processing.

What do GDPR cookies mean for my online marketing?

For online advertising, the GDPR has the following particular significance:

  1. The setting of cookies is no longer possible without consent. This means that you may only track actions for which the user has explicitly given their consent. All other cookies must be blocked. You need a GDPR cookie notice text.
  2. Storing personal data is no longer possible without consent. In connection with online marketing, this applies in particular to the IP address of the visitor.
  3. The sharing of personal data is no longer possible without consent. For example, in the context of OpenRTB or in the form of placeholders, you may no longer pass on data such as the IP address of the visitor.
Consent-Lösung für DSGVO, TTDSG, CCPA, PIPEDA

Article 9 GDPR

Processing of special categories

The more detailed information that is available about a target audience, the more interesting the processing of personal data becomes for advertisers. The GDPR explicitly provides greater protection for certain personal information.

  • Data processing limitations

  • Therefore, the processing of the following data is expressly prohibited according to Article 9 GDPR:
    • Ethnic Origin
    • Political Opinions/Union
    • belief/religion
    • Genetic/biometric data
    • health data
    • sexual orientation
  • Exceptions in Article 9 GDPR

    Exceptions are defined in Art. 9 para. 2 GDPR:

    • The data subject expressly consents to the processing for specified purposes. The processing is necessary so that the data subject can exercise his or her rights and fulfil his or her obligations.
    • Vital Interests
    • Processing by a non-profit organisation in the course of its legitimate activities or membership. If the person concerned is, for example, a member of a political party, the party may process information about their party affiliation internally.
    • The data subject has made the data public
    • In judicial aspects
    • Significant public interest
    • health care and occupational medicine
    • Public Health Care / Emergency Response
    • Archival work, scientific, historical research and limited for statistics

Article 9 GDPR Cookie Banner

Third parties set cookies and collect data on your website. As the operator, you are responsible for informing your visitors and confirming the cookies. Therefore, if third parties want to collect and process personal data within the meaning of Article 9 GDPR, the GDPR cookie banner must contain the specified purposes. They should therefore be treated with even more sensitivity than general statements about age, gender, etc. Transparency leads to customer satisfaction and greater acceptance. You also get more sales through advertising revenue from advertisers on your site.

IAB konformes CMP, DSGVO, TTDSP, CCPA und mehr

What do GDPR cookies mean for my website?

If you are a publisher, network, SSP, agency or advertiser, you will most likely need to obtain user consent in the future. To do this, you need a consent management provider like our c onsentmanager .

  • Cookie Banner GDPR

    A cookie banner informs the visitor about the cookies set and how they work . Cookies that are required for the website to function must (logically) be accepted. The GDPR cookie notice must not contain any pre-selected boxes. The legislator does not prescribe what the GDPR cookie banner should look like. Therefore, use the leeway and freedom to design the cookie notice in the best possible way . With the right know-how you are legally compliant and customer-friendly at the same time!

  • Set GDPR cookies with consentmanager

    With our Consent Management Provider you have a complete overview of the GDPR cookies you use. With ready-made designs and texts in over 30 languages, you can get started right away and be sure to always be GDPR compliant. The integrated cookie crawler checks your website daily for new providers and automatically blocks all cookies without consent. Our tool can be integrated into any common system and is compatible with practically all applications. You can adapt the GDPR Cookie Banner to your design and wording and make further settings, e.g. regarding the buttons. The system uses A/B testing to determine which settings work best, ie have the best acceptance rate among visitors.

  • Data protection made easy

    If users make use of their rights, they must act immediately. You must provide complete information , restrict the data or delete it completely. This presents you with the challenge of being able to determine all this information, process it and change it accordingly. With our consentmanager this is very easy. It not only gives you valuable working time , but also ensures legal certainty and fast processing of user inquiries. Your professional reaction and exemplary handling of sensitive data will increase your customers’ satisfaction. This in turn increases trust in your company (in your products, services, etc.).



Permanently free for
a website
  • 5,000 views / month incl.
  • GDPR Compliant
  • Premade Designs
  • 1 crawl/week
  • Support: tickets
  • additional Views bookable
  • IAB TCF compatible CMP
  • IAB GPP standard
  • A/B testing & optimization
  • additional user accounts


Monthly for
a website
  • 100,000 views / month incl.
  • additional Views:0.1  / 1000
  • GDPR Compliant
  • Customizable designs
  • 3 crawls/day
  • Support: tickets
  • A/B testing & optimization
  • IAB TCF compatible CMP
  • IAB GPP standard
  • additional user accounts
Very popular


Monthly for up to
3 websites or apps
  • 1 million views / month incl.
  • additional Views:0.05  / 1000
  • GDPR Compliant
  • IAB TCF compatible CMP
  • IAB GPP standard
  • Customizable designs
  • A/B testing & optimization
  • 10 crawls/day
  • Support: Ticket & Email
  • additional user accounts


Monthly for up to
20 websites or apps
  • 10 million views / month incl.
  • additional Views:0.02  / 1000
  • GDPR Compliant
  • IAB TCF compatible CMP
  • IAB GPP standard
  • Customizable designs
  • A/B testing & optimization
  • 100 crawls/day
  • 10 additional user accounts
  • Support: Ticket, email & phone
  • Personal account manager


On demand
Monthly price by individual agreement
  • Any Views / Month
  • additional Views:0.02  / 1000
  • GDPR Compliant
  • IAB TCF compatible CMP
  • IAB GPP standard
  • Customizable designs
  • A/B testing & optimization
  • Any crawls/day
  • any add. user accounts
  • Support: Ticket, email & phone
  • Personal account manager

Liability and Penalties

  • According to Art. 82 para. 2 GDPR , any controller involved in processing is liable for any damage. Since the visitor to your website gives his consent to the processing of personal data, you are responsible for GDPR-compliant consent management.
  • According to Art. 83 para. 1 GDPR must be effective, proportionate and (explicitly!) deterrent in each individual case. The level of sanctions depends on the nature and severity of the violation of the GDPR cookies. The legislator attaches considerable importance to data protection. Your customers see it the same way. GDPR compliance is therefore in your own interest for both financial and reputational reasons.
  • Example: In the event of a breach of consent (such as Article 9 GDPR) or of the rights of the data subjects, a fine of up to EUR 20 million or 4% of the global annual turnover is threatened, whichever is higher.
  • Enforcement of the GDPR has become stricter in recent years, with significant fines being imposed for violations. Recent rulings have shown that both data controllers and data processors can be held equally liable. Violations of international data transfer guidelines were particularly highlighted, as was the provision of non-compliant cookie banners and the unlawful processing of children’s data. Consequently, companies should continuously review and adapt their data protection practices to avoid heavy fines and meet the requirements of the GDPR.

GDPR Website Check

With our free GDPR website check you can check your site for GDPR compliance. The cookie crawler integrated in consentmanager performs this GDPR website check several times a day to find and categorize new providers and cookies. So you are always on the safe side.

Cookie-Consent-Management und Cookie-Banner von consentmanager

Ensure your website’s compliance with the TTDSG/TDDDG now

  • The Telecommunications Digital Services Data Protection Act (TDDDG) replaces the TTDSG and was updated on May 14, 2024. It has been adapted to bring German law into line with the European Digital Services Act (DSA). The Telecommunications Secrecy Act (TDDDG) protects telecommunications secrecy and sets out special regulations for the protection of personal data in telecommunications and digital services. It sets out privacy requirements for incoming calls, calling line identification, automatic call forwarding and end-user directories. Providers of digital services must take technical and organizational measures to protect data and provide information about inventory and usage data. The law also regulates the protection of privacy in end devices and determines the competent supervisory authorities for data protection in telecommunications, taking into account the responsibilities under state law and the Federal Data Protection Act.
  • Test the consentmanager and offer your visitors tangible added value that will create trust. In recent months there have been reports of data leaks and insufficient privacy protection. With a professional consent manager query, you show your visitors that you take this issue very seriously.
  • What’s more: you put all decisions transparently in the hands of your potential customers right from the start. This will have a positive effect on the image and the seriousness of your website . Not only do they ensure compliance with data protection law, but they actively invest in visitor satisfaction. Rankings and conversion can be optimized by reducing the bounce rate and increasing the length of stay.
  • You can see here that consentmanager can pay off for you not only on the important level of data protection. The new data law has been strategically important since the decision was taken at the latest. With consentmanager you can implement a holistic solution from which you as a website operator will benefit on many levels. You can take the first steps right now.

The history of the GDPR

The European Parliament publishes a first recommendation
The Committee on Civil Liberties, Justice and Home Affairs of the EU Parliament has held its first “orientation vote”
European Parliament, Council and Commission end their negotiations
The EU committee votes for negotiations between the three parties
The EU Council accepts the recommendation
The EU Parliament accepts the recommendation
The regulations come into force
The regulations are now to be applied in all member states
The Schrems II ruling declares the EU-US Privacy Shield invalid
New standard contractual clauses (SCCs) are introduced for international data transfer
The successor agreement to Schrems II, the EU-US Data Privacy Framework, is adopted
Heavy GDPR fines imposed on Meta and other tech giants
Ongoing developments in data protection and global privacy laws, including updates to the ePrivacy Regulation expected by 2025

Bitte beachten Sie: Obwohl der ConsentManager CMP viele Funktionen wie das Blockieren von Codes und Cookies von Drittanbietern bietet, verwenden nicht alle unserer Kunden alle Funktionen. Bitte beurteilen Sie unsere Funktionen daher nicht nur danach, wie unsere Kunden unser Tool verwenden.

We have already helped more than 25,000 websites comply with GDPR, TDDDG & ePrivacy

Our clients include some of the biggest websites and best known brands in the world.

… and many more.

frequently asked Questions

Not sure if you need a CMP?

To help you with things like GDPR, CMP and consent, we’ve rounded up the most common questions here.

In accordance with the ePrivacy Regulation and GDPR, cookies must be selected via opt-in. This means that none are selected in advance (default). According to the GDPR, you must explicitly and actively agree to cookies if you want to allow the processing of the respective category. A GDPR cookie banner explains the types of cookies and their use. Consent is only mandatory for those GDPR cookies that ensure the functioning of the website.

With our free GDPR Website Check you can check whether your website accepts the GDPR cookies correctly
puts. With the Consentmanager, the conformity check is carried out automatically.

In order for cookies to be GDPR compliant, they require user consent. you must him
inform comprehensively and completely with a GDPR cookie banner. According to the GDPR, they are cookies
to block without consent.

Please note that we cannot provide legal advice. Some points of this FAQ may also change over time or be interpreted differently by courts. That’s why you should always consult your lawyer!