Setting GDPR cookies correctly
Since May 25, 2018, the General Data Protection Regulation (GDPR) has been in force in all EU member states. Because the GDPR puts a particular focus on cookies and brings important new regulations into force for website operators, we have compiled an overview of the most important information for you.
GDPR
General Data Protection Regulation
To help you with things like GDPR, CMP and consent, we have compiled the most frequently asked questions here.
Please note that we cannot provide legal advice. Some points of this FAQ may also change over time or be interpreted differently by courts. That’s why you should always consult your lawyer!
What is the GDPR?
DSGVO is the German abbreviation for the General Data Protection Regulation; in English it is called GDPR. This is a regulation of the European Union that regulates how private companies must handle personal data. The regulation came into force on April 27, 2016 and has been mandatory since May 25, 2018. It standardises data protection standards and makes them binding across the EU. The GDPR text is quite general and is intended to be implemented into concrete national law. The so-called ePrivacy Regulation is intended for this purpose.
What is the ePrivacy Regulation?
The ePrivacy Regulation is intended to regulate the handling of personal data in the future, particularly in electronic communication (Internet, e-mail, etc.). It should not be confused with the ePrivacy Directive (“Cookie Directive”), which came into force before the GDPR and restricts the use of cookies. Since the GDPR deals with data protection in general, member states need more specific laws and regulations for concrete use cases. Data protection on the Internet plays a particularly important role, as a lot of personal data is collected and processed here, often in a way that is not transparent to the user. The ePrivacy Regulation, which is not expected to come into force until 2025 at the earliest, will introduce stricter rules for cookies and tracking technologies. The combination of GDPR and ePrivacy Regulation makes the handling of cookies and other tracking technologies even more important.
Who has to comply with GDPR cookies?
With regard to online advertising, GDPR cookies play a role when
- the publisher is based in the EU
- the advertiser is based in the EU
- the mediators/networks/brokers/… is/are based in the EU
- the visitor to the website / recipient of the advertising is based in the EU
- a third party involved (e.g. ad server provider) is based in the EU
This means that the GDPR also applies to companies that are not based in the EU but deliver advertising to EU citizens.
On the safe side
What are personal data according to the GDPR text?
Personal data require special protection. The term refers to any information relating to an identifiable individual. In particular, the user must explicitly give his consent before his data may be processed, stored or passed on.
GDPR Cookies Opt-in and Opt-out
This consent is called opt-in. You know the procedure from newsletters, for example: You have to actively register and even confirm the e-mail address (double opt-in). Companies are not allowed to send you unsolicited advertising.
For example, some data protection laws such as California’s CPRA (California Privacy Rights Act), which replaces the former CCPA (California Consumer Privacy Act), provide for an opt-out. In this case, cookies are set by default. The CPRA expands consumer rights and introduces stricter data protection requirements to further improve the protection of personal information.
Special rights of data subjects
- Information obligation of the person responsible: You must inform the visitor comprehensively and completely about the processing of the data. This also includes the purposes/goals/intentions and other recipients such as third-party providers. Furthermore, you must inform the user about his rights in the GDPR Cookie Notice.
- Right to information: At the request of the person concerned, you must provide complete information as to whether and which data you have stored or passed on, for what purpose, etc.
- Right to rectification: If the user gives his consent to the processing of the data, you must correct or update it upon request.
- Right to deletion (“to be forgotten”): The user can revoke his consent as well as order immediate deletion.
- Right to restriction of processing: The data subject can request that you restrict the use of the data collected, even if the previous consent provided for broader processing.
What do GDPR cookies mean for my online marketing?
For online advertising, the GDPR has the following particular significance:
- The setting of cookies is no longer possible without consent. This means that you may only track actions for which the user has explicitly given their consent. All other cookies must be blocked. You need a GDPR cookie notice text.
- Storing personal data is no longer possible without consent. In connection with online marketing, this applies in particular to the IP address of the visitor.
- The sharing of personal data is no longer possible without consent. For example, in the context of OpenRTB or in the form of placeholders, you may no longer pass on data such as the IP address of the visitor.
Article 9 GDPR
Processing of special categories
The more detailed information that is available about a target audience, the more interesting the processing of personal data becomes for advertisers. The GDPR explicitly provides greater protection for certain personal information.
Data processing limitations
The processing of the following data is therefore expressly prohibited according to Article 9 GDPR:
- Ethnic origin
- Political opinions/union
- Belief/religion
- Genetic/biometric data
- Health data
- Sexual orientation
Exceptions in Article 9 GDPR
Exceptions are defined in Art. 9 para. 2 GDPR:
- The data subject expressly consents to the processing for specified purposes.
- The processing is necessary so that the data subject can exercise his or her rights and fulfil his or her obligations.
- Vital Interests
- Processing by a non-profit organisation in the course of its legitimate activities or membership. If the person concerned is, for example, a member of a political party, the party may process information about their party affiliation internally.
- The data subject has made the data public
- In judicial aspects
- Significant public interest
- health care and occupational medicine
- Public Health Care / Emergency Response
- Archival work, scientific, historical research and limited for statistics
Article 9 GDPR Cookie Banner
Third parties set cookies and collect data on your website. As the operator, you are responsible for informing your visitors and confirming the cookies. Therefore, if third parties want to collect and process personal data within the meaning of Article 9 GDPR, the GDPR cookie banner must contain the specified purposes. Such data should therefore be treated with even more sensitivity than general statements about age, gender, etc. Transparency leads to customer satisfaction and greater acceptance. You also get more sales through advertising revenue from advertisers on your site.
What do GDPR cookies mean for my website?
If you are a publisher, network, SSP, agency or advertiser, you will most likely need to obtain user consent in the future. To do this, you need a consent management provider like our consentmanager.
Cookie Banner GDPR
A cookie banner informs the visitor about the cookies set and how they work. Cookies that are required for the website to function must (logically) be accepted. The GDPR cookie notice must not contain any pre-selected boxes. The legislator does not prescribe what the GDPR cookie banner should look like. Therefore, use the leeway and freedom to design the cookie notice in the best possible way. With the right know-how you are legally compliant and customer-friendly at the same time!
Set GDPR cookies with consentmanager
With our Consent Management Provider you have a complete overview of the GDPR cookies you use. With ready-made designs and texts in over 30 languages, you can get started right away and be sure to always be GDPR compliant. The integrated cookie crawler checks your website daily for new providers and automatically blocks all cookies without consent. Our tool can be integrated into any common system and is compatible with practically all applications. You can adapt the GDPR Cookie Banner to your design and wording and make further settings, e.g. regarding the buttons. The system uses A/B testing to determine which settings work best, i.e. have the best acceptance rate among visitors.
Data protection made easy
If users make use of their rights, you must act immediately. You must provide complete information, restrict the data or delete it completely. This presents you with the challenge of being able to determine all this information, process it and change it accordingly. With our consentmanager this is very easy. It not only saves you valuable working time, but also ensures legal certainty and fast processing of user inquiries. Your professional reaction and exemplary handling of sensitive data will increase your customers’ satisfaction. This in turn increases trust in your company (in your products, services, etc.).
Packages
Basic
a website
- 5,000 views / month incl.
- GDPR Compliant
- Premade Designs
- 1 crawl/week
- Support: tickets
additional Views bookable, IAB TCF compatible CMP, IAB GPP standard, A/B testing & optimization, additional user accounts
Beginner
a website
- 100,000 views / month incl.
- additional Views: 0.1 € / 1000
- GDPR Compliant
- Customizable designs
- 3 crawls/day
- Support: tickets
A/B testing & optimization, IAB TCF compatible CMP, IAB GPP standard, additional user accounts
Standard
3 websites or apps
- 1 million views / month incl.
- additional Views: 0.05 € / 1000
- GDPR Compliant
- IAB TCF compatible CMP
- IAB GPP standard
- Customizable designs
- A/B testing & optimization
- 10 crawls/day
- Support: Ticket & Email
additional user accounts
Agency
20 websites or apps
- 10 million views / month incl.
- additional Views: 0.02 € / 1000
- GDPR Compliant
- IAB TCF compatible CMP
- IAB GPP standard
- Customizable designs
- A/B testing & optimization
- 100 crawls/day
- 10 additional user accounts
- Support: Ticket, email & phone
Personal account manager
Enterprise
- Any Views / Month
- additional Views: 0.02 € / 1000
- GDPR Compliant
- IAB TCF compatible CMP
- IAB GPP standard
- Customizable designs
- A/B testing & optimization
- Any crawls/day
- any add. user accounts
- Support: Ticket, email & phone
- Personal account manager
Liability and Penalties
- According to Art. 82 para. 2 GDPR, any controller involved in processing is liable for any damage. Since the visitor to your website gives his consent to the processing of personal data, you are responsible for GDPR-compliant consent management.
- According to Art. 83 para. 1 GDPR, sanctions must be effective, proportionate and (explicitly!) deterrent in each individual case. The level of sanctions depends on the nature and severity of the violation of the GDPR cookies. The legislator attaches considerable importance to data protection. Your customers see it the same way. GDPR compliance is therefore in your own interest for both financial and reputational reasons.
- Example: In the event of a breach of consent (such as Article 9 GDPR) or of the rights of the data subjects, a fine of up to EUR 20 million or 4% of the global annual turnover is threatened, whichever is higher.
- Enforcement of the GDPR has become stricter in recent years, with significant fines being imposed for violations. Recent rulings have shown that both data controllers and data processors can be held equally liable. Violations of international data transfer guidelines were particularly highlighted, as was the provision of non-compliant cookie banners and the unlawful processing of children’s data. Consequently, companies should continuously review and adapt their data protection practices to avoid heavy fines and meet the requirements of the GDPR.
GDPR Website Check
With our free GDPR website check you can check your site for GDPR compliance. The cookie crawler integrated in consentmanager performs this GDPR website check several times a day to find and categorize new providers and cookies. So you are always on the safe side.
Ensure your website’s compliance with the TTDSG/TDDDG now
- The Telecommunications Digital Services Data Protection Act (TDDDG) replaces the TTDSG and was updated on May 14, 2024. It has been adapted to bring German law into line with the European Digital Services Act (DSA). The TDDDG protects telecommunications secrecy and sets out special regulations for the protection of personal data in telecommunications and digital services. It sets out privacy requirements for incoming calls, calling line identification, automatic call forwarding and end-user directories. Providers of digital services must take technical and organizational measures to protect data and provide information about inventory and usage data. The law also regulates the protection of privacy in end devices and determines the competent supervisory authorities for data protection in telecommunications, taking into account the responsibilities under state law and the Federal Data Protection Act.
- Test the consentmanager and offer your visitors tangible added value that will create trust. In recent months there have been reports of data leaks and insufficient privacy protection. With a professional consent manager query, you show your visitors that you take this issue very seriously.
- What’s more: you put all decisions transparently in the hands of your potential customers right from the start. This will have a positive effect on the image and the seriousness of your website. Not only do you ensure compliance with data protection law, you also actively invest in visitor satisfaction. Rankings and conversion can be optimized by reducing the bounce rate and increasing the length of stay.
- You can see here that consentmanager can pay off for you not only on the important level of data protection. The new data law has been strategically important at the latest since the decision was taken. With consentmanager you can implement a holistic solution from which you as a website operator will benefit on many levels. You can take the first steps right now.
The history of the GDPR
Please note: Although the ConsentManager CMP offers many features, such as blocking third-party code and cookies, not all of our customers use all of the features. Please therefore do not judge our features solely by how our customers use our tool.
We have already helped more than 25,000 websites comply with GDPR, TDDDG & ePrivacy
Our clients include some of the biggest websites and best known brands in the world.
… and many more.
Frequently asked questions
Not sure if you need a CMP?
To help you with things like GDPR, CMP and consent, we’ve rounded up the most common questions here.
In accordance with the ePrivacy Regulation and GDPR, cookies must be selected via opt-in. This means that none are selected in advance (default). According to the GDPR, you must explicitly and actively agree to cookies if you want to allow the processing of the respective category. A GDPR cookie banner explains the types of cookies and their use. Accepting cookies is mandatory only for those GDPR cookies that ensure the functioning of the website.
With our free GDPR Website Check you can check whether your website sets the GDPR cookies correctly. With the consentmanager, the conformity check is carried out automatically.
In order for cookies to be GDPR compliant, they require user consent. You must inform the user comprehensively and completely with a GDPR cookie banner. According to the GDPR, cookies must be blocked without consent.