GDPR Compliance Guide

A practical step-by-step guide to make your website GDPR-compliant. From cookie audit to consent management — everything you need to know.

Disclaimer: This guide provides general information and does not constitute legal advice. Consult a privacy lawyer for advice tailored to your specific situation.

1. Create a processing register

Map out which personal data you process, why, and how long you retain it. This is the foundation of your GDPR compliance.

Checklist

Inventory all personal data processing activities
Document the legal basis per processing activity (consent, legitimate interest, etc.)
Determine retention periods per data category
Identify processors and sub-processors

2. Perform a cookie audit

Scan your website for all cookies and tracking technologies. Categorize them and document their purpose and lifespan.

Checklist

Scan all pages for cookies (Consentr Cookie Scanner)
Categorize: necessary, analytical, marketing, functional
Remove unnecessary cookies
Document the purpose and retention period per cookie

3. Publish privacy and cookie policy

Draft a transparent policy that informs visitors about your data processing activities. Use our Policy Generator for a legally correct document.

Checklist

Generate a policy with the Policy Generator
Customize for your specific processing activities
Publish on a public URL
Link from your cookie banner and footer

4. Install consent banner

Install a GDPR-compliant consent banner that actively asks visitors for permission before placing non-essential cookies.

Checklist

Install the Consentr widget (one script tag)
Configure opt-in as consent model
Block tracking scripts until consent
Enable Google Consent Mode v2

5. Retain consent records

Store proof of obtained consent. This is essential during an audit by the supervisory authority.

Checklist

Consentr automatically stores all consent records
Each record contains: timestamp, action, categories, visitor ID
Records are immutable (audit trail)
Export for compliance reports

6. Train team and set up processes

Ensure your team knows how to handle personal data and data subject requests.

Checklist

Train employees in privacy awareness
Establish a procedure for rights requests (access, deletion)
Appoint a responsible person (DPO if required)
Review and update regularly

Ready to get started?

Consentr automates steps 2 through 5. Start for free and be compliant within 5 minutes.