General Data Protection Regulation (GDPR)

What is the GDPR?

All you need to know about how the GDPR affects data collection on your websites and apps

GDPR came into effect on May 25th, 2018

What is the GDPR?

The General Data Protection Regulation (also known as the GDPR) is a European Union Law aimed at ensuring that personal data is handled by companies under a lawful base while ensuring its security, privacy, and confidentiality.

The GDPR concerns the processing of personal data.

Many cookies process users’ personal data and the processing of this information is subject to the GDPR.

To process personal data, you need a lawful basis, i.e. a legal ground to process data. This can be a legitimate interest, but more often processing is based on consent.

Link: What is legitimate interest?

Table of Contents

What is personal data?​

Personal data is any type of data which on its own or when cross-referenced with other data enables the “univocal identification” of a natural person (the data subject). Depending on the scope and the purpose of such processing activities, there could be a potential risk factor towards the data subject to whom it pertains.

What is processing of personal data?

Personal data processing means collecting, accessing, storing, processing and/or sharing of personal data.

When do I process personal data?

Cookies collect and process your website visitors’ personal data. Every time a person visits your company website, cookies are stored; cookies are accessed; cookies are changed in the browser of the visitor. These data typically comprise of language settings, screen size, items in the basket, but can also comprise of information about the user’s IP-address, choice of browser, and online behavior. Marketing cookies track the users across the website and internet with the purpose of creating online profiles for direct marketing.

Cookies collect personal data

Who is subject to the GDPR?

Companies within the European Union must observe GDPR towards all data subjects regardless of their geographical location, whereas companies outside of the European Union must observe GDPR towards European Union resident data subjects.

how to comply with data protection regulation

Who is responsible for collecting valid consent?

It is the owner of the website or the company’s Data Protection Officer (DPO) who is responsible for complying with the regulations of the GDPR in relation to the data cookies process. Even if the cookies are not owned by the company, but are third-party cookies e.g. Google Analytics, Facebook Pixel, YouTube or Addthis.

What is Your task?

First and foremost, a valid cookie pop-up banner on your website which has to:

GDPR & cookies

Cookies are a widely used tool on a website to store data on a specific user, in which a service can access this data and then create a profile of the individual to target ads and customized content. 

As the data controller, you are also responsible for the data collected by third parties on your website i.e. first and third-party cookies which process visitors’ personal data (Google, Facebook, YouTube, Addthis, Doubleclick). 

Link: What is the rules on cookies? 

Your company website uses Google Analytics to explore website traffic. Google deploys a number of cookies (first-party) in your visitor’s web browser every time the user visits your site. These cookies collect and process personal information about the visitor which may identify the visitor directly or indirectly. The data collected by Google Analytics is used for online profiling and direct marketing, and this requires explicit user consent.


How can you comply with the GDPR?

We can help you reach the level of GDPR compliance you desire. We are a global privacy-tech company offering privacy solutions to both the public and private sector. Our Consent Solution is used by more than 1,500 clients and yearly we collect 15 billion consents.

Become GDPR compliant today! Book a meeting with one of our GDPR experts and get a professional solution.

Cookie information's Cookie Consent Solution includes:

Where to start with cookies?

Join our webinars about compliance in the Nordics