GDPR Cookie Compliance
A complete guide to making your website compliant with the General Data Protection Regulation (GDPR) regarding cookies and consent.
What does GDPR require for cookies?
GDPR requires websites to obtain explicit, informed consent from visitors before setting non-essential cookies. Necessary cookies (e.g. session, security) are exempt, but analytics, marketing, and preference cookies require prior opt-in consent.
- Prior consent required before setting non-essential cookies
- Granular controls — visitors must be able to accept or reject each category individually
- Proof of consent must be stored for regulatory audits
- Visitors must be able to withdraw consent as easily as they gave it
What is GDPR?
The General Data Protection Regulation (GDPR) is the most comprehensive data protection law in Europe. In effect since May 25, 2018, it applies to any organization that processes personal data of individuals in the European Union, regardless of where the organization is based.
GDPR gives individuals greater control over their personal data and imposes strict obligations on organizations that collect or process such data. Non-compliance can result in significant fines of up to EUR 20 million or 4% of annual global turnover.
What does GDPR say about cookies?
GDPR classifies cookies as personal data when they can identify a user. This means most cookies require explicit, informed consent before being placed in a visitor's browser. Here are the key requirements:
- Prior consent — Non-essential cookies cannot be set before obtaining the visitor's explicit consent.
- Granular consent — Visitors must be able to individually accept or reject each category of cookies.
- Full disclosure — You must clearly explain what cookies you use, their purpose, and their duration.
- Right to withdraw — Visitors must be able to withdraw their consent as easily as they gave it.
- Proof of consent — You must be able to demonstrate that valid consent was obtained from each visitor.
- No cookie walls — Access to the website cannot be conditional on accepting all cookies.
GDPR fines and penalties
Since GDPR came into effect, data protection authorities across Europe have imposed significant fines. Here are some notable examples:
- Transferring European user data to China without adequate safeguards. Fined by the Irish Data Protection Commission in 2025.
- Transferring EU user data to the US without sufficient data protection mechanisms. Fined by the Irish DPC in 2023.
- Processing personal data for targeted advertising without proper consent. Fined by the Luxembourg authority in 2021.
- Making it difficult for users to refuse cookies compared to accepting them. Fined by the French CNIL in 2022.
How CookieFix helps you comply
CookieFix automates the entire GDPR cookie compliance process. Here is how we help your website meet every requirement:
- Automatic scanning and identification of all cookies on your website
- Blocking of non-essential cookies before obtaining visitor consent
- Clear consent banner with granular, per-category options
- Easy consent withdrawal — visitors can change preferences at any time
- Consent proof storage for audit and regulatory verification
- Periodic re-scans to automatically update your cookie inventory
Make your website GDPR compliant today
Set up CookieFix in 5 minutes and ensure your website meets all GDPR cookie requirements.