GDPR Compliance

How Cookiewise helps you meet every GDPR cookie consent requirement.

GDPR Cookie Requirements at a Glance

  • Prior consent before non-essential cookies
  • Granular category-level consent
  • Easy withdrawal of consent
  • Documented consent records
  • Freely given (no cookie walls)
  • Informed consent with clear descriptions

Article 7: Conditions for Consent

GDPR Article 7 requires that consent be demonstrable, freely given, specific, informed, and unambiguous. Here's how Cookiewise addresses each:

Demonstrable (Art. 7(1))

Every consent interaction is recorded with timestamp, IP address, user agent, consent method, and specific categories accepted or rejected. These records are stored server-side and cannot be altered by the visitor. They serve as your proof of consent in the event of a regulatory audit.

Freely Given (Art. 7(4))

Cookiewise never conditions website access on cookie acceptance. The banner provides clear Accept All, Reject All, and Customize options - all equally accessible. The website functions fully regardless of the visitor's choice.

Specific (Recital 32)

Consent is collected per category (necessary, functional, analytics, marketing, social), not as a single blanket "accept cookies" option. Users can enable analytics while rejecting marketing, for example.

Informed (Art. 13)

The banner and settings modal display the number and purpose of cookies in each category. Links to your cookie policy provide full details about every individual cookie.

ePrivacy Directive (Cookie Law)

The ePrivacy Directive (2002/58/EC) works alongside GDPR specifically for cookies. Key requirements:

  • Article 5(3): Storing information (cookies) on a user's device requires prior consent, except for strictly necessary cookies
  • Cookie blocking: Cookiewise's auto-block feature ensures no non-essential cookies are set before consent is obtained
  • Cookie inventory: Regular scanning keeps your cookie disclosure accurate and up to date

Data Processing Agreement

Under GDPR Article 28, when Cookiewise processes consent data on your behalf, we act as a data processor. Our Data Processing Agreement (DPA) covers:

  • Purpose limitation - we process consent data solely for providing the consent management service
  • Data minimization - we collect only the minimum data needed for consent records
  • Security measures - encryption in transit and at rest, access controls, regular audits
  • Sub-processors - transparent list of any third parties involved in data processing
  • Data deletion - data is purged within 30 days of account closure

Data Subject Rights

Cookiewise supports the following GDPR data subject rights:

  • Right of access (Art. 15): Export all consent records associated with a visitor ID
  • Right to erasure (Art. 17): Delete specific visitor consent records on request
  • Right to data portability (Art. 20): Export data in standard JSON/CSV format

Compliance Checklist

Use the Compliance Checklist in your dashboard for a real-time assessment of your GDPR compliance status. The checklist evaluates your banner configuration, consent records, cookie inventory, and scan recency against GDPR requirements.