GDPR compliance with ConsentX
General Data Protection Regulation
European Union
In force since 2018
Europe & UK
Who it applies to
Any organization that offers goods or services to people in the EU or monitors their behavior, wherever the organization is based.
Penalties
Up to €20 million or 4% of global annual turnover, whichever is higher.
Key obligations
- Obtain prior, opt-in consent before non-essential cookies
- Make refusing as easy as accepting
- Keep records that prove consent
- Honor withdrawal at any time
- Respect data subject rights (access, erasure, portability)
How ConsentX helps
Prior-script blocking for true opt-in
Equal-weight Allow and Reject controls
Tamper-evident consent receipts and evidence
One-click withdrawal trigger
Built-in DSAR workflow with 30-day SLA
Get GDPR ready with ConsentX
Start free, or book a walkthrough with our team.
This page is a plain-English summary for general information and is not legal advice. Confirm your obligations with qualified counsel.
Frequently asked questions
What is GDPR?+
The GDPR is the European Union's data-protection law, requiring a lawful basis (often consent) to process personal data, with fines up to €20 million or 4% of global turnover.
Do I need consent before setting cookies under GDPR?+
Yes. Non-essential cookies and trackers need freely given, specific, informed prior consent before they run.
Is an Accept-only cookie banner GDPR compliant?+
No. Refusing must be as easy as accepting, and non-essential categories must not be pre-selected.
How do I prove consent in a GDPR audit?+
ConsentX stores a tamper-evident receipt with the policy version and hash for each consent, exportable on demand.