GDPR Requirements for Websites

This page summarizes common GDPR requirements relevant to websites. It is not legal advice.

• Lawful basis: Identify a lawful basis for each processing activity (e.g., consent for non‑essential cookies, legitimate interests where appropriate).
• Consent: Obtain informed, freely given, specific, and unambiguous consent before setting non‑essential cookies. Provide equal “accept” and “reject/manage” choices.
• Transparency: Provide a clear privacy policy describing what you collect, why, and how long you keep it. Disclose third‑party recipients and transfers.
• User rights: Implement processes for access, rectification, deletion, restriction, portability, and objection.
• Data Processing Agreements (DPAs): Have DPAs with processors who handle personal data on your behalf.
• Security: Apply appropriate technical and organizational measures to protect data.
• Breach notification: Notify authorities and affected users as required in the event of a personal data breach.
• International transfers: Use valid transfer mechanisms where data moves outside the EU/EEA.
• Record‑keeping: Maintain records of processing activities and consents as applicable.

CookieBeam helps with consent collection and logging. You are responsible for configuring your banner and tags to match your policies and for meeting obligations beyond consent.