GDPR Compliance

What is GDPR?

Effective May 25, 2018, the General Data Protection Regulation (GDPR) is a European Union (EU) regulation that replaces Directive 95/46/EC and governs the current data protection framework in Europe.

The law has a broad scope that impacts organizations that process the personal data of EU residents, wherever they are located in the world. The regulation is meant to harmonize the EU data protection landscape and protect the rights and freedoms of EU individuals.

Organizations that do not comply with GDPR face heavy fines and penalties. Some violations are subject to fines of up to 4% of the organization’s global annual turnover.

Here are some things you need to do to comply with GDPR:
  • Scan your website to detect and categorize cookies and other tracking technologies on your website.
  • Customize a cookie banner and preference center to provide visitors with the ability to opt-out of advertising and data collection cookies on your website.
  • Automate the intake and fulfillment of data subject requests.

Who does the GDPR apply to?

The GDPR applies to organizations operating within the EU that process data and organizations outside the EU that offer goods or services to individuals in the EU.

Individual Rights under GDPR

The Right to be Informed

A key transparency requirement of the GDPR is the right for EU citizens to be informed about the collection and use of their personal data at the time of collection.

Organizations that collect personal data must provide individuals with the following information in a concise, transparent, intelligible, easily accessible format:

  • The purpose of processing personal data
  • The retention periods for the data
  • Who the data will be shared with
How CookiePro Helps

Inform and allow visitors to opt-out of the collection of their personal data when they visit your website.

  • Scan your website to identify and categorize cookies and tracking technologies on your website
  • Display a location-based cookie consent banner that auto-blocks cookies until the visitor opts-in or out of your cookie policy
  • Add a dynamic cookie policy that includes a list of categorized cookies with descriptions and duration
The Right of Access

The Right of Access, also known as subject access, gives individuals the right to obtain a copy of the information that an organization holds about them.

When the organization receives the subject request, it must provide the data subject with the following information:

  • Purpose of Processing – why they process the data
  • The categories of personal data they have collected
  • The recipients of the personal data
  • The retention period for storing the data
  • The source of the information
  • The safeguarding of the information if the organization transfers personal data to a third country or international organization
How CookiePro Helps

Intake and fulfill data subject requests for personal information access requests:

  • Build a GDPR-specific request intake web form linked directly from your company’s website
  • Centralize all subject access requests into a single queue
  • Define an automated triage workflow for fulfilling requests
The Right to Rectification

Under Article 16 of the GDPR, individuals have the right to request the modification of their data, including the correction of errors and the updating of incomplete information.

How CookiePro Helps

Build and configure web forms to capture subject rectification requests and launch automated workflows integrated with your existing systems to update that information.

  • Build a GDPR-specific request intake web form linked directly from your company’s website
  • Centralize all subject access requests into a single queue
  • Define the end-to-end subject request process from assignment to review and approval
  • Define an automated workflow that updates the information in your integrated third-party systems
  • Set deadlines for fulfilling requests within one calendar month
The Right to Erasure

Under Article 17 of the GDPR, individuals have the right to have their personal data erased.  This is also known as the ‘right to be forgotten’.

Individuals have this right in the following circumstances:

  • The personal data is no longer necessary for the original purpose that you collected or processed it for
  • You are relying on consent and the individual withdraws their consent
  • The individual objects to the processing of their data
  • You are processing the data for direct marketing purposes
  • You have processed the data unlawfully
  • You have to delete the data in compliance with a legal obligation
  • You have processed the personal data of a child
How CookiePro Helps

Intake and track subject deletion requests through a fully customizable portal.

  • Build a request form using a CookiePro template with configurable settings, languages, and response templates
  • Define automated workflows for fulfilling the request
  • Transmit a notification to the data subject to protect the communications and information provided
The Right to Restrict Processing

Article 18 of the GDPR gives individuals the right to restrict the processing of their personal data.  If consumers exercise this right, businesses can continue to store the data but must not use or process that data.

Individuals have this right in the following circumstances:

  • You are verifying the accuracy of their personal data after they submit a right to rectification request
  • The data has been unlawfully processed
  • You no longer need the personal data, but the individual needs you to keep the data for a legal claim
How CookiePro Helps

Enable individuals to request that their information not be processed by filling out a CookiePro-generated data subject request web form.

  • Validate the data subject’s identity through internal systems, API integrations, customer service processes, and third-party validation services
  • Assign main responsibilities to privacy offices, IT teams, or business users based on the type of request and where the data resides
  • Use response templates to respond to the individual, then track and notify the individual when the request has been processed

Right to Data Portability

The right to data portability gives individuals the right to obtain and transfer their data to a different controller or service.

Individuals have the right to data portability in the following circumstances:

  • Your lawful basis for processing this information is consent or for the performance of a contract
  • You are carrying out the processing by automated means
How CookiePro Helps

Provide individuals with an intake form to submit their requests, then easily find the data and fulfill the request.

  • Build a secure, robust consumer portal to intake requests in a way that matches your brand and business
  • Integrate with third-party service management tools like ServiceNow or BMC Remedy to identify, track, and fulfill requests sent to IT teams
  • Validate the user identity and use it to locate and retrieve consumer data and respond to requests more quickly
Right to Object

Article 21 of the GDPR gives individuals the right to object to the processing of their personal data at any time in certain circumstances; individuals always have this right if the purpose is direct marketing.

Individuals have the right to object if that processing is for:

  • A task carried out in the public interest
  • The exercise of official authority
  • Legitimate interest
How CookiePro Helps

The GDPR is clear that you must inform individuals of their right to object.  Use CookiePro to inform and allow visitors to object to the processing of their personal information when they visit your website.

  • Provide visitors with a customizable preference center where they can opt-out of the processing of their personal information
  • Provide visitors with a subject access request form to request that their data no longer be processed
  • Validate the individual’s identity and use it to locate and retrieve consumer data, restrict processing, and respond to the subject request in a timely manner