Ready for the new Google Consent Mode v2? Learn more »

Set GDPR cookies correctly

The General Data Protection Regulation (GDPR) has been in force in all EU member states since May 25th, 2018. With the GDPR placing a particular focus on cookies and important new regulations coming into force for website owners, we’ve put together an overview of the most important information for you.

Rechtskonforme Cookie-Banner- und Consentlösung


General Data Protection Regulation

To help you with things like GDPR, CMP and consent, we’ve rounded up the most common questions here.

  • What is GDPR?

    GDPR stands for General Data Protection Regulation, in English it is referred to as GDPR or General Data Protection Regulation. This is a regulation of the European Union that regulates how private companies must handle personal data. The regulation came into force on April 27, 2016 and has been mandatory since May 25, 2018. Thus standards for data protection are standardized and binding throughout the EU . The GDPR text is quite general and should be implemented in concrete national law. The so-called ePrivacy regulation is intended for this.

  • What is the ePrivacy Regulation?

    The ePrivacy Regulation regulates the handling of personal data, particularly in electronic communication (Internet, e-mail, …). The regulation should not be confused with the ePrivacy Directive (“Cookie Directive”), which came into force before the GDPR and restricts the use of cookies. As the GDPR text deals with data protection in general, member states will need deeper laws or regulations to cover the specific cases and areas of application. In particular, data protection on the Internet plays an important role because large amounts of information and personal data are collected and processed here. At the same time, data processing is largely non-transparent for the user because it takes place in the background. The combination of GDPR and ePrivacy Regulation places a high priority on how you deal with cookies .

Who must comply with GDPR cookies?

With regard to online advertising, GDPR cookies play a role, among other things, when

  • the publisher is based in the EU
  • the advertiser is based in the EU
  • the mediators/networks/brokers/… is/are based in the EU
  • the visitor to the website / recipient of the advertising is based in the EU
  • a third party involved (e.g. ad server provider) is based in the EU

This means that the GDPR also applies to companies that are not based in the EU but deliver advertising to EU citizens .

Consent-Lösungen für Agenturen

The history of the GDPR

The European Parliament publishes a first recommendation
The EU Parliament’s Committee on Civil Liberties, Justice and Home Affairs has its first “orientation vote”.
European Parliament, Council and Commission end their negotiations
The EU committee votes for negotiations between the three parties
The EU Council accepts the recommendation
The EU Parliament accepts the recommendation
The regulations come into force
The regulations are now to be applied in all member states
ePrivacy regulation is expected to come into force

Stay up to date!

Subscribe to Newsletter

We have already helped more than 25,000 websites to comply with GDPR, TTDSG & ePrivacy

Our clients include some of the biggest websites and best known brands in the world.

… and many more.

Bitte beachten Sie: Obwohl der ConsentManager CMP viele Funktionen wie das Blockieren von Codes und Cookies von Drittanbietern bietet, verwenden nicht alle unserer Kunden alle Funktionen. Bitte beurteilen Sie unsere Funktionen daher nicht nur danach, wie unsere Kunden unser Tool verwenden.

On the safe side

What is personal data according to the GDPR text?

Personal data require special protection. In particular, unless performance of a contract or legitimate interests make this necessary, the user must explicitly give their consent before their data can be processed, stored or passed on.

  • GDPR cookies opt-in and opt-out

    This consent is referred to as an opt-in . You know the procedure from newsletters, for example: You have to actively register and even confirm the e-mail address (double opt-in). Businesses are not allowed to send you unsolicited advertising.

    For example, some privacy laws, such as the California Consumer Privacy Act (CCPA) in California, provide for an opt-out, which means that users can refuse cookies. In this case, the cookies are set by default; the visitor can deselect them.

  • Special rights of data subjects

    • Information obligation of the person responsible: You must inform the visitor comprehensively and completely about the processing of the data. This also includes the purposes/goals/intentions and other recipients such as third-party providers. You must also inform the user of their rights in the GDPR cookie notice
    • Right to information : At the request of the person concerned, you must provide complete information as to whether and which data you have stored or passed on, for what purpose, etc.
    • Right to rectification : if the user consents to the processing of the data, you must correct or update it if requested.
    • Right to deletion (“to be forgotten”): The user can revoke his consent as well as order immediate deletion.
    • Right to restriction of processing: The data subject may request that you limit the use of the data collected, even if the previous consent provided for broader processing.

What do GDPR cookies mean for my online marketing?

For online advertising, the GDPR has the following meaning in particular:

  1. It is no longer possible to set cookies without consent. This means that you can only track actions that the user has explicitly given consent to. All other cookies must be blocked. You need a GDPR cookie notice text.
  2. Saving personal data is no longer possible without consent. In connection with online marketing, this applies in particular to the IP address of the visitor.
  3. The transfer of personal data is no longer possible without consent. For example, in the context of OpenRTB or in the form of placeholders, you may no longer pass on data such as the IP address of the visitor.
Consent-Lösung für DSGVO, TTDSG, CCPA, PIPEDA

Article 9 GDPR

Processing of special categories

The more detailed information that is available about a target audience, the more interesting the processing of personal data becomes for advertisers. The GDPR explicitly protects certain personal information even more.

    Data processing limitations

  • The processing of the following data is therefore expressly prohibited under Article 9 GDPR:
    • Ethnic Origin
    • Political Opinions/Union
    • belief/religion
    • Genetic/biometric data
    • health data
    • sexual orientation
  • Exceptions in Article 9 GDPR

    Exceptions are defined in Art. 9 Para. 2 GDPR:

    • The data subject expressly consents to the processing for the specified purposes. The processing is necessary in order for the data subject to exercise his or her rights and fulfil his or her obligations.
    • Vital Interests
    • Processing by a non-profit organisation in the course of its legitimate activities or membership. If the data subject is a member of a political party, for example, it may process the information about party affiliation internally
    • The data subject has made the data public
    • In judicial aspects
    • Significant public interest
    • health care and occupational medicine
    • Public Health Care / Emergency Response
    • Archival work, scientific, historical research and limited for statistics

Article 9 GDPR cookie banner

Third parties set cookies and collect data on your website. As the operator, you are responsible for informing your visitors and confirming the cookies. So, if third parties want to collect and process personal data in the sense of Article 9 GDPR, the GDPR cookie banner must include the specified purposes. They should therefore be treated with even more sensitivity than general statements about age, gender, etc. Transparency leads to customer satisfaction and greater acceptance. You also get more sales through advertising revenue from advertisers on your site.

IAB konformes CMP, DSGVO, TTDSP, CCPA und mehr

What do GDPR cookies mean for my website?

If you are a publisher, publisher, network, SSP, agency or advertiser, you will most likely need to obtain user consent in the future. To do this you need a consent management provider like consentmanager.

  • Cookie banner GDPR

    A cookie banner informs the visitor about the cookies set and how they work . Cookies that are required for the website to function must (logically) be accepted. The GDPR cookie notice must not contain any pre-set ticks. The legislator does not prescribe what the GDPR cookie banner should look like. Therefore, use the leeway and freedom to design the cookie notice in the best possible way . With the right know-how you are legally compliant and customer-friendly at the same time!

  • Set GDPR cookies with consentmanager

    With our Consent Management Provider you have a full overview of the GDPR cookies you use. With ready-made designs and texts in over 30 languages, you can get started immediately and are always GDPR-compliant with certainty. The integrated cookie crawler checks your website for new providers on a daily basis and automatically blocks all cookies without your consent (consent). Our tool can be integrated into any common system and is compatible with practically all applications. You can adapt the GDPR cookie banner to your design and wording and make further settings, e.g. with regard to the buttons. The system uses A/B testing to determine which settings work best, ie have the best acceptance rate among visitors.

  • Data protection made easy

    If users make use of their rights, they must act immediately. You must provide complete information , restrict the data or delete it completely. This presents you with the challenge of being able to determine all this information, process it and change it accordingly. It’s very easy with our consentmanager. It not only gives you valuable working time , but also ensures legal certainty and fast processing of user inquiries. Your professional reaction and exemplary handling of sensitive data will increase your customers’ satisfaction. This in turn increases trust in your company (in your products, services, etc.).



Permanently free for
a website
  • 5,000 views / month incl.
  • GDPR Compliant
  • Premade Designs
  • 1 crawl/week
  • Support: tickets
  • additional Views bookable
  • IAB TCF compatible CMP
  • IAB GPP standard
  • A/B testing & optimization
  • additional user accounts


Monthly for
a website
  • 100,000 views / month incl.
  • additional Views:0.1  / 1000
  • GDPR Compliant
  • Customizable designs
  • 3 crawls/day
  • Support: tickets
  • A/B testing & optimization
  • IAB TCF compatible CMP
  • IAB GPP standard
  • additional user accounts
Very popular


Monthly for up to
3 websites or apps
  • 1 million views / month incl.
  • additional Views:0.05  / 1000
  • GDPR Compliant
  • IAB TCF compatible CMP
  • IAB GPP standard
  • Customizable designs
  • A/B testing & optimization
  • 10 crawls/day
  • Support: Ticket & Email
  • additional user accounts


Monthly for up to
20 websites or apps
  • 10 million views / month incl.
  • additional Views:0.02  / 1000
  • GDPR Compliant
  • IAB TCF compatible CMP
  • IAB GPP standard
  • Customizable designs
  • A/B testing & optimization
  • 100 crawls/day
  • 10 additional user accounts
  • Support: Ticket, email & phone
  • Personal account manager


On demand
Monthly price by individual agreement
  • Any Views / Month
  • additional Views:0.02  / 1000
  • GDPR Compliant
  • IAB TCF compatible CMP
  • IAB GPP standard
  • Customizable designs
  • A/B testing & optimization
  • Any crawls/day
  • any add. user accounts
  • Support: Ticket, email & phone
  • Personal account manager

Liability and Penalties

  • According to Art. 82 para. 2 GDPR , each person responsible for processing is liable for damage. Since the visitor to your website gives their consent (consent) to the processing of personal data, you are responsible for GDPR-compliant consent management.

  • According to Art. 83 para. 1 GDPR must be effective, proportionate and (explicitly!) deterrent in each individual case. The amount of the sanctions depends on the type and severity of the offense against the GDPR cookies. The legislator attaches considerable importance to data protection. Your customers see it the same way. GDPR compliance is therefore in your best interest for both financial and reputational reasons.

  • Example: In the event of violations of consent (such as Article 9 GDPR) or the rights of those affected, there is a risk of a fine of up to EUR 20 million or 4% of global annual turnover ; the higher amount counts.

  • Our basic package from consentmanager is free and available in the standard package from 50 euros per month.

GDPR website check

With our free GDPR Website Check you can check your website for GDPR compliance. The cookie crawler integrated in consentmanager carries out this GDPR website check several times a day to find and categorize new providers and cookies. So you are always on the safe side.

Cookie-Consent-Management und Cookie-Banner von consentmanager

Ensure compliance of your website with the new Data Protection Act (TTDSG) now

  • Test the consentmanager and offer your visitors tangible added value that will create trust. In recent months there have been reports of data leaks and insufficient privacy protection. With a professional query from the consentmanager, you show your visitors that you take this topic very seriously.
  • What’s more: you put all decisions transparently in the hands of your potential customers right from the start. This will have a positive effect on the image and the seriousness of your website . Not only do they ensure compliance with data protection law, but they actively invest in visitor satisfaction. Rankings and conversion can be optimized by reducing the bounce rate and increasing the length of stay.
  • You can see here that consentmanager can not only pay off for you on the important level of data protection. The new data law has been strategically important since the decision was taken at the latest. With consentmanager you can implement a holistic solution from which you as a website operator will benefit on many levels. You can take the first steps right now.

Stay up to date!

Subscribe to Newsletter

frequently asked Questions

Not sure if you need a CMP?

To help you with things like GDPR, CMP and consent, we’ve rounded up the most common questions here.

In accordance with the ePrivacy Regulation and GDPR, cookies must be selected via opt-in. This means that none are selected in advance (default). According to the GDPR, you must explicitly and actively agree to cookies if you want to allow the processing of the respective category. A GDPR cookie banner explains the types of cookies and their use. Consent is only mandatory for those GDPR cookies that ensure the functioning of the website.

With our free GDPR Website Check you can check whether your website accepts the GDPR cookies correctly
puts. With the Consentmanager, the conformity check is carried out automatically.

In order for cookies to be GDPR compliant, they require user consent. you must him
inform comprehensively and completely with a GDPR cookie banner. According to the GDPR, they are cookies
to block without consent.

Please note that we cannot provide legal advice. Some points of this FAQ may also change over time or be interpreted differently by courts. That’s why you should always consult your lawyer!