GDPR, cookies and compliance 

• The General Data Protection Regulation (GDPR) is an EU legislation that governs all collection and processing of personal data from individuals inside the EU.
• Under the EU’s GDPR, it is the legal responsibility of website owners and operators to make sure that personal data is collected and processed lawfully.
• A website outside of the EU is required to comply with the GDPR if it collects data from users inside the EU.

Even though cookies are mentioned only once in the GDPR, cookie consent is nonetheless a cornerstone of compliance for websites with EU-located users.

This is because one of the most common ways for personal data to be collected and shared online is through website cookies. The GDPR sets out specific rules for the use of cookies.

That’s why end-user consent to cookies is the GDPR’s most used legal basis that allows websites to process personal data and use cookies.