General Data Protection Regulation (GDPR)
The GDPR is the world's strictest privacy legislation and protects the personal data of all EU citizens. Every organization that processes data of EU residents must comply.
The General Data Protection Regulation (GDPR) is the European privacy law that has been in effect since May 25, 2018. It gives individuals control over their personal data and imposes strict obligations on organizations that collect, process or store personal data.
Companies established in the EU that process personal data
Organizations outside the EU that offer goods or services to EU citizens
Companies that monitor or profile the behavior of EU residents
Processors that process personal data on behalf of a data controller
Government agencies and public organizations that manage personal data
Any organization that processes special categories of personal data on a large scale
All processing of personal data must be based on one of the six legal bases in Article 6 GDPR: consent, contract, legal obligation, vital interests, public task or legitimate interest.
When consent is the basis, it must be freely given, specific, informed and unambiguous. Pre-ticked boxes or inactivity do not count as valid consent.
Individuals have the rights of access, rectification, erasure (the right to be forgotten), restriction of processing, data portability and objection to processing.
Data protection must be built into products, services and business processes by default. Only the minimum amount of necessary data may be processed.
Data breaches must be reported to the competent supervisory authority within 72 hours of discovery. Affected individuals must also be notified if there is a high risk.
For processing operations with a high risk to the rights and freedoms of data subjects, a DPIA must be carried out before the processing begins.
GDPR violations can lead to fines of up to 20 million euros or 4% of global annual turnover (whichever is higher). National supervisory authorities such as the Belgian GBA, Dutch AP and French CNIL actively enforce these rules.
Consentr automates AVG/GDPR compliance so you can focus on your business.
Consentr automatically scans your website for cookies and trackers and correctly categorizes them according to the GDPR requirements.
Our cookie banner meets all GDPR requirements: no pre-ticked boxes, clear information about each cookie category and easy withdrawal of consent.
Every consent is securely recorded with a timestamp, the IP address and the exact version of the consent configuration, as proof for audits.
Scripts and cookies are automatically blocked until the visitor gives explicit consent. This ensures that no data is processed without permission.
The cookie banner is automatically displayed in the visitor's language, so everyone can give informed consent regardless of their language.
Consentr regularly checks whether your website still complies with the latest GDPR guidelines and alerts you to potential issues.
Yes, the GDPR applies to all organizations that process personal data of EU citizens, regardless of their size. However, some obligations like appointing a DPO only apply in specific circumstances.
The data controller determines the purpose and means of data processing. The processor processes data on behalf of the controller. Both have obligations under the GDPR.
A DPO is mandatory for government agencies, organizations that process special categories of data on a large scale, and organizations whose core activity involves regular and systematic monitoring of data subjects.
Consentr offers a fully configured cookie banner, automatic cookie scanning, consent recording with audit trail and automatic script blocking — everything you need for GDPR-compliant cookie management.