CINXE.COM

Cookies, the GDPR, and the ePrivacy Directive - GDPR.eu

<!DOCTYPE html><html lang=en-US class="no-js no-svg"><head><meta charset=UTF-8><meta name=viewport content="width=device-width, initial-scale=1.0"><link rel=profile href=http://gmpg.org/xfn/11><link type=text/css media=all href=https://gdpr.eu/wp-content/cache/autoptimize/css/autoptimize_5b670c3f41f6d1c9d284128a1816dcbc.css rel=stylesheet><title>Cookies, the GDPR, and the ePrivacy Directive - GDPR.eu</title> <script>(function(d, s, id){ var js, fjs = d.getElementsByTagName(s)[0]; if (d.getElementById(id)) {return;} js = d.createElement(s); js.id = id; js.src = "//connect.facebook.net/en_US/sdk.js#xfbml=1&version=v2.6"; fjs.parentNode.insertBefore(js, fjs); }(document, 'script', 'facebook-jssdk'));</script> <meta name=description content="Cookies can give businesses insight into their users’ online activity. Unforunately they are subject to both the GDPR and the ePrivacy Directive, making compliance difficult."><meta name=robots content="max-snippet:-1, max-image-preview:large, max-video-preview:-1"><link rel=canonical href=https://gdpr.eu/cookies/ ><meta property=og:locale content=en_US><meta property=og:type content=article><meta property=og:title content="Cookies, the GDPR, and the ePrivacy Directive - GDPR.eu"><meta property=og:description content="Cookies can give businesses insight into their users’ online activity. Unforunately they are subject to both the GDPR and the ePrivacy Directive, making compliance difficult."><meta property=og:url content=https://gdpr.eu/cookies/ ><meta property=og:site_name content=GDPR.eu><meta property=article:section content="GDPR Compliance"><meta property=article:published_time content=2019-05-09T13:56:35+00:00><meta property=article:modified_time content=2024-08-29T09:26:28+00:00><meta property=og:updated_time content=2024-08-29T09:26:28+00:00><meta property=og:image content=https://gdpr.eu/wp-content/uploads/2019/05/blog-gdpr-Cookies-GDPR-and-the-ePrivacy-Directive.jpg><meta property=og:image:secure_url content=https://gdpr.eu/wp-content/uploads/2019/05/blog-gdpr-Cookies-GDPR-and-the-ePrivacy-Directive.jpg><meta property=og:image:width content=1920><meta property=og:image:height content=1080><meta name=twitter:card content=summary_large_image><meta name=twitter:description content="Cookies can give businesses insight into their users’ online activity. Unforunately they are subject to both the GDPR and the ePrivacy Directive, making compliance difficult."><meta name=twitter:title content="Cookies, the GDPR, and the ePrivacy Directive - GDPR.eu"><meta name=twitter:image content=https://gdpr.eu/wp-content/uploads/2019/05/blog-gdpr-Cookies-GDPR-and-the-ePrivacy-Directive.jpg> <script type=application/ld+json class='yoast-schema-graph yoast-schema-graph--main'>{"@context":"https://schema.org","@graph":[{"@type":"Organization","@id":"https://gdpr.eu/#organization","name":"GDPR.eu","url":"https://gdpr.eu/","sameAs":[],"logo":{"@type":"ImageObject","@id":"https://gdpr.eu/#logo","url":"https://gdpr.eu/wp-content/uploads/2019/02/profile-pic-PH-gdpr.jpg","width":900,"height":900,"caption":"GDPR.eu"},"image":{"@id":"https://gdpr.eu/#logo"}},{"@type":"WebSite","@id":"https://gdpr.eu/#website","url":"https://gdpr.eu/","name":"GDPR.eu","publisher":{"@id":"https://gdpr.eu/#organization"},"potentialAction":{"@type":"SearchAction","target":"https://gdpr.eu/?s={search_term_string}","query-input":"required name=search_term_string"}},{"@type":"ImageObject","@id":"https://gdpr.eu/cookies/#primaryimage","url":"https://gdpr.eu/wp-content/uploads/2019/05/blog-gdpr-Cookies-GDPR-and-the-ePrivacy-Directive.jpg","width":1920,"height":1080,"caption":"cookies GDPR compliance"},{"@type":"WebPage","@id":"https://gdpr.eu/cookies/#webpage","url":"https://gdpr.eu/cookies/","inLanguage":"en-US","name":"Cookies, the GDPR, and the ePrivacy Directive - GDPR.eu","isPartOf":{"@id":"https://gdpr.eu/#website"},"primaryImageOfPage":{"@id":"https://gdpr.eu/cookies/#primaryimage"},"datePublished":"2019-05-09T13:56:35+00:00","dateModified":"2024-08-29T09:26:28+00:00","description":"Cookies can give businesses insight into their users\u2019 online activity. Unforunately they are subject to both the GDPR and the ePrivacy Directive, making compliance difficult."},{"@type":"Article","@id":"https://gdpr.eu/cookies/#article","isPartOf":{"@id":"https://gdpr.eu/cookies/#webpage"},"author":{"@id":"https://gdpr.eu/#/schema/person/5cd2d5241f0b12376f50ab9f841b2eac"},"headline":"Cookies, the GDPR, and the ePrivacy Directive","datePublished":"2019-05-09T13:56:35+00:00","dateModified":"2024-08-29T09:26:28+00:00","commentCount":0,"mainEntityOfPage":{"@id":"https://gdpr.eu/cookies/#webpage"},"publisher":{"@id":"https://gdpr.eu/#organization"},"image":{"@id":"https://gdpr.eu/cookies/#primaryimage"},"articleSection":"GDPR Compliance"},{"@type":["Person"],"@id":"https://gdpr.eu/#/schema/person/5cd2d5241f0b12376f50ab9f841b2eac","name":"Richie Koch","image":{"@type":"ImageObject","@id":"https://gdpr.eu/#authorlogo","url":"https://secure.gravatar.com/avatar/08db9693a2296708cd4d5a8f614cf370?s=96&d=mm&r=g","caption":"Richie Koch"},"description":"Prior to joining Proton VPN, Richie spent several years working on tech solutions in the developing world. As a senior editor at Latterly magazine, he covered international human rights stories. He joined Proton VPN to advance the rights of online privacy and freedom.","sameAs":[]}]}</script> <link rel=dns-prefetch href=//ws.sharethis.com><link rel=dns-prefetch href=//cdn.jsdelivr.net><link rel=dns-prefetch href=//maxcdn.bootstrapcdn.com><link rel=dns-prefetch href=//fonts.googleapis.com><link rel=dns-prefetch href=//use.fontawesome.com><link rel=dns-prefetch href=//s.w.org><link rel=alternate type=application/rss+xml title="GDPR.eu &raquo; Feed" href=https://gdpr.eu/feed/ ><link rel=alternate type=application/rss+xml title="GDPR.eu &raquo; Comments Feed" href=https://gdpr.eu/comments/feed/ ><link rel=alternate type=application/rss+xml title="GDPR.eu &raquo; Cookies, the GDPR, and the ePrivacy Directive Comments Feed" href=https://gdpr.eu/cookies/feed/ > <script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/12.0.0-1\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/12.0.0-1\/svg\/","svgExt":".svg","source":{"concatemoji":"https:\/\/gdpr.eu\/wp-includes\/js\/wp-emoji-release.min.js?ver=8c03ada028d9ba4936249699216631ae"}}; !function(e,a,t){var n,r,o,i=a.createElement("canvas"),p=i.getContext&&i.getContext("2d");function s(e,t){var a=String.fromCharCode;p.clearRect(0,0,i.width,i.height),p.fillText(a.apply(this,e),0,0);e=i.toDataURL();return p.clearRect(0,0,i.width,i.height),p.fillText(a.apply(this,t),0,0),e===i.toDataURL()}function c(e){var t=a.createElement("script");t.src=e,t.defer=t.type="text/javascript",a.getElementsByTagName("head")[0].appendChild(t)}for(o=Array("flag","emoji"),t.supports={everything:!0,everythingExceptFlag:!0},r=0;r<o.length;r++)t.supports[o[r]]=function(e){if(!p||!p.fillText)return!1;switch(p.textBaseline="top",p.font="600 32px Arial",e){case"flag":return s([127987,65039,8205,9895,65039],[127987,65039,8203,9895,65039])?!1:!s([55356,56826,55356,56819],[55356,56826,8203,55356,56819])&&!s([55356,57332,56128,56423,56128,56418,56128,56421,56128,56430,56128,56423,56128,56447],[55356,57332,8203,56128,56423,8203,56128,56418,8203,56128,56421,8203,56128,56430,8203,56128,56423,8203,56128,56447]);case"emoji":return!s([55357,56424,55356,57342,8205,55358,56605,8205,55357,56424,55356,57340],[55357,56424,55356,57342,8203,55358,56605,8203,55357,56424,55356,57340])}return!1}(o[r]),t.supports.everything=t.supports.everything&&t.supports[o[r]],"flag"!==o[r]&&(t.supports.everythingExceptFlag=t.supports.everythingExceptFlag&&t.supports[o[r]]);t.supports.everythingExceptFlag=t.supports.everythingExceptFlag&&!t.supports.flag,t.DOMReady=!1,t.readyCallback=function(){t.DOMReady=!0},t.supports.everything||(n=function(){t.readyCallback()},a.addEventListener?(a.addEventListener("DOMContentLoaded",n,!1),e.addEventListener("load",n,!1)):(e.attachEvent("onload",n),a.attachEvent("onreadystatechange",function(){"complete"===a.readyState&&t.readyCallback()})),(n=t.source||{}).concatemoji?c(n.concatemoji):n.wpemoji&&n.twemoji&&(c(n.twemoji),c(n.wpemoji)))}(window,document,window._wpemojiSettings);</script> <style>img.wp-smiley, img.emoji { display: inline !important; border: none !important; box-shadow: none !important; height: 1em !important; width: 1em !important; margin: 0 .07em !important; vertical-align: -0.1em !important; background: none !important; padding: 0 !important; }</style><link rel=stylesheet id=simple-share-buttons-adder-font-awesome-css href='//maxcdn.bootstrapcdn.com/font-awesome/4.3.0/css/font-awesome.min.css?ver=8c03ada028d9ba4936249699216631ae' type=text/css media=all><link rel=stylesheet id=opensans-css href='https://fonts.googleapis.com/css?family=Open+Sans' type=text/css media=all><link rel=stylesheet id=font-awesome-css href=https://use.fontawesome.com/releases/v5.1.1/css/all.css type=text/css media=all> <script src="https://gdpr.eu/wp-content/cache/minify/c7035.js"></script> <script id=st_insights_js src='https://ws.sharethis.com/button/st_insights.js?publisher=4d48b7c5-0ae3-43d4-bfbe-3ff8c17a8ae6&#038;product=simpleshare'></script> <link rel=https://api.w.org/ href=https://gdpr.eu/wp-json/ ><link rel=EditURI type=application/rsd+xml title=RSD href=https://gdpr.eu/xmlrpc.php?rsd><link rel=wlwmanifest type=application/wlwmanifest+xml href=https://gdpr.eu/wp-includes/wlwmanifest.xml><link rel=shortlink href='https://gdpr.eu/?p=10483'><link rel=alternate type=application/json+oembed href="https://gdpr.eu/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fgdpr.eu%2Fcookies%2F"><link rel=alternate type=text/xml+oembed href="https://gdpr.eu/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fgdpr.eu%2Fcookies%2F&#038;format=xml"><link rel="shortcut icon" href=https://gdpr.eu/wp-content/themes/gdpr/assets/favicon.ico><link rel=apple-touch-icon sizes=57x57 href=https://gdpr.eu/wp-content/themes/gdpr/assets/apple-icon-57x57.png><link rel=apple-touch-icon sizes=60x60 href=https://gdpr.eu/wp-content/themes/gdpr/assets/apple-icon-60x60.png><link rel=apple-touch-icon sizes=72x72 href=https://gdpr.eu/wp-content/themes/gdpr/assets/apple-icon-72x72.png><link rel=apple-touch-icon sizes=76x76 href=https://gdpr.eu/wp-content/themes/gdpr/assets/apple-icon-76x76.png><link rel=apple-touch-icon sizes=114x114 href=https://gdpr.eu/wp-content/themes/gdpr/assets/apple-icon-114x114.png><link rel=apple-touch-icon sizes=120x120 href=https://gdpr.eu/wp-content/themes/gdpr/assets/apple-icon-120x120.png><link rel=apple-touch-icon sizes=144x144 href=https://gdpr.eu/wp-content/themes/gdpr/assets/apple-icon-144x144.png><link rel=apple-touch-icon sizes=152x152 href=https://gdpr.eu/wp-content/themes/gdpr/assets/apple-icon-152x152.png><link rel=apple-touch-icon sizes=180x180 href=https://gdpr.eu/wp-content/themes/gdpr/assets/apple-icon-180x180.png><link rel=icon type=image/png sizes=192x192 href=https://gdpr.eu/wp-content/themes/gdpr/assets/android-icon-192x192.png><link rel=icon type=image/png sizes=32x32 href=https://gdpr.eu/wp-content/themes/gdpr/assets/favicon-32x32.png><link rel=icon type=image/png sizes=96x96 href=https://gdpr.eu/wp-content/themes/gdpr/assets/favicon-96x96.png><link rel=icon type=image/png sizes=16x16 href=https://gdpr.eu/wp-content/themes/gdpr/assets/favicon-16x16.png><link rel=manifest href=https://gdpr.eu/wp-content/themes/gdpr/assets/manifest.json><meta name=msapplication-TileColor content=#ffffff><meta name=msapplication-TileImage content=https://gdpr.eu/wp-content/themes/gdpr/assets/ms-icon-144x144.png><meta name=theme-color content=#ffffff><style>.recentcomments a{display:inline !important;padding:0 !important;margin:0 !important;}</style></head><body class="post-template-default single single-post postid-10483 single-format-standard cookies-not-set"><div id=wrapper><header id=header><div id=social><div class="container text-right"> <a target=_blank href="http://www.facebook.com/sharer.php?u=https://gdpr.eu/"><em class="fab fa-facebook"></em> <span>Facebook</span></a> <a target=_blank href="http://twitter.com/share?url=https://gdpr.eu/"><em class="fab fa-twitter"></em> <span>Twitter</span></a></div></div><div id=top><div class=container><div class=pull-right><div class=search-box><form role=search method=get class=search-form action=https://gdpr.eu/ > <input type=search id=search-form-674722e09d7f9 class=textbox placeholder=Search... value name=s> <button type=submit class=button><i class=icon-search></i><span>Search</span></button></form></div></div> <span id=logo> <a href=https://gdpr.eu/ class=gdpr></a> <a target=_blank href=https://ec.europa.eu/programmes/horizon2020/en/ class=horizon></a> <img class=full src=https://gdpr.eu/wp-content/themes/gdpr/images/logo-gdpr-eu.svg alt=GDPR.eu> <img class=short src=https://gdpr.eu/wp-content/themes/gdpr/images/logo-gdpr-eu-notext.svg alt=GDPR.eu> </span></div></div><nav id=nav><div class=container><div id=searchx><div class=search-box><form role=search method=get class=search-form action=https://gdpr.eu/ > <input type=search id=search-form-674722e09d949 class=textbox placeholder=Search... value name=s> <button type=submit class=button><i class=icon-search></i><span>Search</span></button></form></div></div><nav id=mainmenu class=menu-primary-menu-container><ul><li id=menu-item-309 class="menu-item menu-item-type-post_type menu-item-object-page menu-item-home menu-item-309"><a href=https://gdpr.eu/ >Home</a></li><li id=menu-item-351 class="menu-item menu-item-type-post_type menu-item-object-page menu-item-351"><a href=https://gdpr.eu/checklist/ >Checklist</a></li><li id=menu-item-8150 class="menu-item menu-item-type-post_type menu-item-object-page menu-item-8150"><a href=https://gdpr.eu/faq/ >FAQ</a></li><li id=menu-item-394 class="menu-item menu-item-type-taxonomy menu-item-object-post_tag menu-item-394"><a href=https://gdpr.eu/tag/gdpr/ >GDPR</a></li><li id=menu-item-350 class="menu-item menu-item-type-taxonomy menu-item-object-category menu-item-350"><a href=https://gdpr.eu/category/news-updates/ >News &#038; Updates</a></li></ul></nav></div></nav></header><div id=main><div id=primary class="content-area one-column"><div id=content class=site-content><div class=post-main-box><div class=featured-image style="background-image: url(https://gdpr.eu/wp-content/uploads/2019/05/blog-gdpr-Cookies-GDPR-and-the-ePrivacy-Directive.jpg); "> <em></em><div class=container><div class=container><h1>Cookies, the GDPR, and the ePrivacy Directive</h1> <i></i></div></div></div><div class=container><div class=post-detail-box><div class=container><div class=row><div class="col-xl-8 col-lg-12 single-content"><h3>Cookies are an important tool that can give businesses a great deal of insight into their users’ online activity. Despite their importance, the regulations governing cookies are split between the GDPR and the ePrivacy Directive.</h3><p>Cookies are small text files that websites place on your device as you are browsing. They are processed and stored by your web browser. In and of themselves, cookies are harmless and serve crucial functions for websites. Cookies can also generally be easily viewed and deleted.<br></p><p>However, cookies can store a wealth of data, enough to potentially identify you without your consent. Cookies are the primary tool that advertisers use to track your online activity so that they can target you with highly specific ads. Given the amount of data that cookies can contain, they can be considered personal data in certain circumstances and, therefore, subject to the GDPR.<br></p><p>Before analyzing what the GDPR and the ePrivacy Directive have to say about cookies, it is essential to have a basic understanding of the different types of cookies.</p><h2>Types of Cookies</h2><p>In general, there are three different ways to classify cookies: what purpose they serve, how long they endure, and their provenance.<br></p><p><strong>Duration</strong></p><ul><li>Session cookies<strong> –</strong> These cookies are temporary and expire once you close your browser (or once your session ends).</li><li>Persistent cookies<strong> — </strong>This category encompasses all cookies that remain on your hard drive until you erase them or your browser does, depending on the cookie’s expiration date. All persistent cookies have an expiration date written into their code, but their duration can vary.</li></ul><p><strong>Provenance</strong></p><ul><li>First-party cookies<strong> —</strong> As the name implies, first-party cookies are put on your device directly by the website you are visiting.</li><li>Third-party cookies — These are the cookies that are placed on your device, not by the website you are visiting, but by a third party like an advertiser or an analytic system.</li></ul><p><strong>Purpose</strong></p><ul><li>Strictly necessary cookies — These cookies are essential for you to browse the website and use its features, such as accessing secure areas of the site. Cookies that allow web shops to hold your items in your cart while you are shopping online are an example of strictly necessary cookies. These cookies will generally be first-party session cookies. While it is not required to obtain consent for these cookies, what they do and why they are necessary should be explained to the user.</li><li>Preferences cookies — Also known as “functionality cookies,” these cookies allow a website to remember choices you have made in the past, like what language you prefer, what region you would like weather reports for, or what your user name and password are so you can automatically log in.</li><li>Statistics cookies — Also known as “performance cookies,” these cookies collect information about how you use a website, like which pages you visited and which links you clicked on. None of this information can be used to identify you. It is all aggregated and, therefore, anonymized. Their sole purpose is to improve website functions. This includes cookies from third-party analytics services as long as the cookies are for the exclusive use of the owner of the website visited.</li><li>Marketing cookies — These cookies track your online activity to help advertisers deliver more relevant advertising or to limit how many times you see an ad. These cookies can share that information with other organizations or advertisers. These are persistent cookies and almost always of third-party provenance.</li></ul><p>These are the main ways of classifying cookies, although there are cookies that will not fit neatly into these categories or may qualify for multiple categories. When people complain about the privacy risks presented by cookies, they are generally speaking about third-party, persistent, marketing cookies. These cookies can contain significant amounts of information about your online activity, preferences, and location. The chain of responsibility (who can access a cookies’ data) for a third-party cookie can get complicated as well, only heightening their potential for abuse. Perhaps because of this, the<a href=https://www.fastcompany.com/90229646/heres-how-gdpr-is-already-changing-web-design> use of third-party cookies has been in decline</a> since the passage of the GDPR</p><h2>Cookies and the GDPR</h2><p>The<a href=https://gdpr.eu/what-is-gdpr/ > General Data Protection Regulation</a> (GDPR) is the most comprehensive data protection legislation that has been passed by any governing body to this point. However, throughout its’ 88 pages, it only mentions cookies directly once, in<a href=https://gdpr.eu/recital-30-online-identifiers-for-profiling-and-identification/ > Recital 30</a>.</p><blockquote class=wp-block-quote><p>Natural persons may be associated with online identifiers provided by their devices, applications, tools and protocols, such as internet protocol addresses, cookie identifiers or other identifiers such as radio frequency identification tags. This may leave traces which, in particular when combined with unique identifiers and other information received by the servers, may be used to create profiles of the natural persons and identify them.</p></blockquote><p>What these two lines are stating is that cookies, insofar as they are used to identify users, qualify as personal data and are therefore subject to the GDPR. Companies do have a right to process their users’ data as long as they receive consent or if they have a<a href=https://ec.europa.eu/info/law/law-topic/data-protection/reform/rules-business-and-organisations/legal-grounds-processing-data/grounds-processing/what-does-grounds-legitimate-interest-mean_en> legitimate interest</a>.</p><h2>Cookies and ePrivacy Directive</h2><p>Passed in the 2002 and amended in 2009, the<a href=https://edps.europa.eu/data-protection/our-work/subjects/eprivacy-directive_en> ePrivacy Directive</a> (EPD) has become known as the “cookie law” since its most notable effect was the proliferation of cookie consent pop-ups after it was passed. It supplements (and in some cases, overrides) the GDPR, addressing crucial aspects about the confidentiality of electronic communications and the tracking of Internet users more broadly.</p><h2>Cookie compliance</h2><p>To comply with the regulations governing cookies under the GDPR and the ePrivacy Directive you must:</p><ul><li>Receive users’ consent before you use any cookies <strong>except</strong> strictly necessary cookies.</li><li>Provide accurate and specific information about the data each cookie tracks and its purpose in plain language before consent is received.</li><li>Document and store consent received from users.</li><li>Allow users to access your service even if they refuse to allow the use of certain cookies</li><li>Make it as easy for users to withdraw their consent as it was for them to give their consent in the first place.</li></ul><h2>ePrivacy Regulation</h2><p>The EPD’s eventual replacement, the ePrivacy Regulation (EPR), will build upon the EPD and expand its definitions. (In the EU, a <em>directive </em>must be incorporated into national law by EU countries while a <em>regulation</em> becomes legally binding throughout the EU the date it comes into effect.)<br></p><p>The EPR was supposed to be passed in 2018 at the same time as the GDPR came into force. The EU obviously missed that goal, but there are<a href=https://www.linklaters.com/en/insights/publications/tmt-news/tmt-news---june-2017/eu---status-of-the-proposed-eprivacy-regulation-tighter-cookie-rules-and-more> drafts of the document online</a>, and it is scheduled to be finalized sometime this year even though there is no still date for when it will be implemented. The EPR promises to address browser fingerprinting in ways that are similar to cookies, create more robust protections for metadata, and take into account new methods of communication, like WhatsApp.<br></p><p>The rules regulating cookies are still being set, and cookies themselves are continually evolving, which means maintaining a current cookie policy will be a continuous job. However, properly informing your users about the cookies your site is using and, when necessary, receiving their consent will keep your users happy and keep you GDPR-compliant.</p><p>Update August 29, 2024: Removed a reference that the ePrivacy Directive requires persistent cookies to be removed after 12 months. While some countries, for example, <a href=https://cnpd.public.lu/content/dam/cnpd/fr/dossiers-thematiques/cookies/CNPD-LD-Cookies.pdf>Luxembourg</a>, enforce a 12-month limit on cookie retention, there is no stated limit in the ePrivacy Directive, and each country is free to set its own limit. These limits also vary, from 12 months for Luxembourg to whatever is &#8220;necessary to achieve their intended purpose&#8221; for the UK.</p><div class=rp4wp-related-posts><h3>Related Posts</h3><ul><li><div class=rp4wp-related-post-content> <a href=https://gdpr.eu/recital-30-online-identifiers-for-profiling-and-identification/ >Recital 30 - Online identifiers for profiling and identification</a></div></li><li><div class=rp4wp-related-post-content> <a href=https://gdpr.eu/eu-gdpr-personal-data/ >What is considered personal data under the EU GDPR?</a></div></li><li><div class=rp4wp-related-post-content> <a href=https://gdpr.eu/data-privacy/ >A guide to GDPR data privacy requirements</a></div></li><li><div class=rp4wp-related-post-content> <a href=https://gdpr.eu/article-95-publicly-available-electronic-communication/ >Art. 95 GDPR - Relationship with Directive 2002/58/EC</a></div></li><li><div class=rp4wp-related-post-content> <a href=https://gdpr.eu/article-94-directive-95-46-ec-repealed/ >Art. 94 GDPR - Repeal of Directive 95/46/EC</a></div></li><li><div class=rp4wp-related-post-content> <a href=https://gdpr.eu/article-34-communication-of-a-personal-data-breach/ >Art. 34 GDPR - Communication of a personal data breach to the data subject</a></div></li></ul></div><div class=post-share><div id=ssba-modern-2 class="ssba ssbp-wrap left ssbp--theme-4"><div style=text-align:left><span class=ssba-share-text>Share on:</span><ul class=ssbp-list><li class=ssbp-li--facebook><a data-site class="ssba_facebook_share ssbp-facebook ssbp-btn" href="http://www.facebook.com/sharer.php?u=https://gdpr.eu/cookies/" target=_blank ><div title=Facebook class=ssbp-text>Facebook</div></a></li><li class=ssbp-li--google><a data-site class="ssba_google_share ssbp-google ssbp-btn" href="https://plus.google.com/share?url=https://gdpr.eu/cookies/" target=&quot;_blank&quot; ><div title=Google+ class=ssbp-text>Google+</div></a></li><li class=ssbp-li--twitter><a data-site class="ssba_twitter_share ssbp-twitter ssbp-btn" href="http://twitter.com/share?url=https://gdpr.eu/cookies/&amp;text=Cookies%2C%20the%20GDPR%2C%20and%20the%20ePrivacy%20Directive%20" target=&quot;_blank&quot; ><div title=Twitter class=ssbp-text>Twitter</div></a></li><li class=ssbp-li--linkedin><a data-site=linkedin class="ssba_linkedin_share ssba_share_link ssbp-linkedin ssbp-btn" href="http://www.linkedin.com/shareArticle?mini=true&amp;url=https://gdpr.eu/cookies/" target=&quot;_blank&quot; ><div title=Linkedin class=ssbp-text>Linkedin</div></a></li></ul></div></div></div></div><div class="col-lg-4 d-none d-xl-block"><div id=sidebar><section class=yellow><h5>Forms and Templates</h5><ul><li><a href=/data-processing-agreement/ ><i class="far fa-file-alt"></i>&nbsp;&nbsp;Data Processing Agreement</a></li><li><a href=/right-to-erasure-request-form/ ><i class="far fa-file-alt"></i>&nbsp;&nbsp;Right to Erasure Request Form</a></li><li><a href=/privacy-notice/ ><i class="far fa-file-alt"></i>&nbsp;&nbsp;Privacy Policy</a></li></ul></section></div></div></div></div></div><div class=post-author-details-box> <span class=author-intials><img src=https://gdpr.eu/wp-content/uploads/2019/01/richie.gif style=' height: 100%; max-width: initial !important;'></span><div class=post-author-details><h6>Richie Koch</h6> <span>Managing Editor, GDPR EU</span><p>Prior to joining Proton VPN, Richie spent several years working on tech solutions in the developing world. As a senior editor at Latterly magazine, he covered international human rights stories. He joined Proton VPN to advance the rights of online privacy and freedom.</p></div></div></div></div></div></div></div><footer id=footer><div class=container><div class=post-author-details-box><div class=post-author-details><h6>About GDPR.EU</h6><p>&nbsp;</p><p>GDPR.EU is a website operated by Proton Technologies AG, which is co-funded by Project REP-791727-1 of the Horizon 2020 Framework Programme of the European Union. This is not an official EU Commission or Government resource. The europa.eu webpage concerning GDPR can be found <a href=https://ec.europa.eu/commission/priorities/justice-and-fundamental-rights/data-protection/2018-reform-eu-data-protection-rules_en target=_blank>here</a>. Nothing found in this portal constitutes legal advice.</p></div></div><div class=footer-top><div class=row><div class=col-sm-3> <br><h5>Getting Started</h5><br><div class=menu-deep-footer-column-1-container><ul class=fmenu><li id=menu-item-9315 class="menu-item menu-item-type-post_type menu-item-object-post menu-item-9315"><a href=https://gdpr.eu/what-is-gdpr/ >What is GDPR?</a></li><li id=menu-item-9316 class="menu-item menu-item-type-post_type menu-item-object-post menu-item-9316"><a href=https://gdpr.eu/fines/ >What are the GDPR Fines?</a></li><li id=menu-item-9317 class="menu-item menu-item-type-post_type menu-item-object-page menu-item-9317"><a href=https://gdpr.eu/checklist/ >GDPR Compliance Checklist</a></li></ul></div></div><div class=col-sm-3> <br><h5>Templates</h5><br><div class=menu-deep-footer-column-2-container><ul class=fmenu><li id=menu-item-9318 class="menu-item menu-item-type-post_type menu-item-object-post menu-item-9318"><a href=https://gdpr.eu/data-processing-agreement/ >Data Processing Agreement</a></li><li id=menu-item-9319 class="menu-item menu-item-type-post_type menu-item-object-post menu-item-9319"><a href=https://gdpr.eu/right-to-erasure-request-form/ >Right to Erasure Request Form</a></li><li id=menu-item-9320 class="menu-item menu-item-type-post_type menu-item-object-post menu-item-9320"><a href=https://gdpr.eu/privacy-notice/ >Writing a GDPR-compliant privacy notice</a></li></ul></div></div><div class=col-sm-3> <br><h5>Technical Review</h5><br><div class=menu-deep-footer-column-3-container><ul class=fmenu><li id=menu-item-9321 class="menu-item menu-item-type-post_type menu-item-object-post menu-item-9321"><a href=https://gdpr.eu/data-protection-officer/ >Data Protection Office Guide</a></li><li id=menu-item-9322 class="menu-item menu-item-type-post_type menu-item-object-post menu-item-9322"><a href=https://gdpr.eu/email-encryption/ >GDPR and Email</a></li><li id=menu-item-9323 class="menu-item menu-item-type-post_type menu-item-object-post menu-item-9323"><a href=https://gdpr.eu/companies-outside-of-europe/ >Does GDPR apply outside of the EU</a></li></ul></div></div><div class=col-sm-3> <br><h5>About Us</h5><br><p>GDPR.eu is co-funded by the <a href=https://ec.europa.eu/programmes/horizon2020/en/ >Horizon 2020</a> Framework Programme of the European Union <strong>and operated by Proton AG</strong>.</p></div></div></div><div class=formz><p>&nbsp;</p><p><strong>GDPR Forms and Templates</strong></p><p> <a href=/data-processing-agreement/ ><i class="far fa-file-alt"></i> <strong>Data Processing Agreement</strong> <i class="fa fa-chevron-right"></i></a> <a href=/right-to-erasure-request-form/ ><i class="far fa-file-alt"></i> <strong>Right to Erasure Request Form</strong> <i class="fa fa-chevron-right"></i></a> <a href=/privacy-notice/ ><i class="far fa-file-alt"></i> <strong>Privacy Policy</strong> <i class="fa fa-chevron-right"></i></a></p></div><p>&nbsp;</p><p class=copyright>© 2024 Proton AG. All Rights Reserved.</p><p class=text-center> <br> <a href=https://gdpr.eu/terms-and-conditions/ >Terms and Conditions</a> &nbsp;&nbsp;&nbsp; <a href=https://gdpr.eu/privacy-policy/ >Privacy Policy</a></p></div></footer></div><div id=compliance_a style=display:none;> <a href=# class="close fa fa-times"></a> <img src=https://gdpr.eu/wp-content/themes/gdpr/images/gdpr_graphic.svg alt="GDPR Graphic"><p>GDPR compliance is easier with <strong>encrypted email</strong></p> <span><a target=_blank href="https://proton.me/business/gdpr?ref=gdpreu">Learn more <i class="fa fa-chevron-right"></i></a></span></div><style id=simple-share-buttons-adder-ssba-inline-css>.ssba { } .ssba img { width: 35px !important; padding: 6px; border: 0; box-shadow: none !important; display: inline !important; vertical-align: middle; box-sizing: unset; } #ssba-classic-2 .ssbp-text { display: none!important; } .ssba .fb-save { padding: 6px; } .ssbp-list li a {height: 25px!important; width: 25px!important; background-color: #0072ff!important; } .ssbp-list li a:hover {background-color: #0072ff!important; } .ssbp-list li a::before {line-height: 25px!important;; font-size: 16px;color: #fff!important;} .ssbp-list li a:hover::before {color: #fff!important;} .ssbp-list li { margin-left: 8px!important; } .ssba-share-text { font-size: 16px; font-weight: normal; font-family: inherit; } @font-face { font-family: 'ssbp'; src:url('https://gdpr.eu/wp-content/plugins/simple-share-buttons-adder/fonts/ssbp.eot?xj3ol1'); src:url('https://gdpr.eu/wp-content/plugins/simple-share-buttons-adder/fonts/ssbp.eot?#iefixxj3ol1') format('embedded-opentype'), url('https://gdpr.eu/wp-content/plugins/simple-share-buttons-adder/fonts/ssbp.woff?xj3ol1') format('woff'), url('https://gdpr.eu/wp-content/plugins/simple-share-buttons-adder/fonts/ssbp.ttf?xj3ol1') format('truetype'), url('https://gdpr.eu/wp-content/plugins/simple-share-buttons-adder/fonts/ssbp.svg?xj3ol1#ssbp') format('svg'); font-weight: normal; font-style: normal; /* Better Font Rendering =========== */ -webkit-font-smoothing: antialiased; -moz-osx-font-smoothing: grayscale; }</style> <script>var cnArgs = {"ajaxurl":"https:\/\/gdpr.eu\/wp-admin\/admin-ajax.php","hideEffect":"fade","onScroll":"no","onScrollOffset":"100","cookieName":"cookie_notice_accepted","cookieValue":"true","cookieTime":"2592000","cookiePath":"\/","cookieDomain":"","redirection":"1","cache":"1","refuse":"yes","revoke_cookies":"0","revoke_cookies_opt":"automatic","secure":"1"};</script> <script src="https://gdpr.eu/wp-content/cache/minify/6fdea.js"></script> <script>Main.boot( [] );</script> <script src=https://cdn.jsdelivr.net/npm/js-cookie@2/src/js.cookie.min.js></script> <div id=cookie-notice role=banner class="cn-bottom bootstrap" style="color: #fff; background-color: #000;" aria-label="Cookie Notice"><div class=cookie-notice-container><span id=cn-notice-text>We use cookies to ensure that we give you the best experience on our website. If you continue to use this site we will assume that you are happy with it.</span><a href=# id=cn-accept-cookie data-cookie-set=accept class="cn-set-cookie cn-button bootstrap button">Ok</a><a href=# id=cn-refuse-cookie data-cookie-set=refuse class="cn-set-cookie cn-button bootstrap button">No</a><a href=https://gdpr.eu/privacy-policy/ target=_blank id=cn-more-info class="cn-more-info cn-button bootstrap button">Privacy policy</a></div><div class=cookie-notice-revoke-container><a href=# class="cn-revoke-cookie cn-button bootstrap button">Revoke cookies</a></div></div> <script defer src=https://gdpr.eu/wp-content/cache/autoptimize/js/autoptimize_5dd90da4735596921829dacc461fe36f.js></script></body></html> <!-- Performance optimized by W3 Total Cache. Learn more: https://www.w3-edge.com/products/ Page Caching using disk: enhanced Minified using disk Database Caching 47/69 queries in 0.032 seconds using disk Served from: gdpr.eu @ 2024-11-27 14:47:12 by W3 Total Cache -->

Pages: 1 2 3 4 5 6 7 8 9 10