The complete solution to comply with the GDPR

Make your organization compliant with the EU General Data Protection Regulation by using iubenda to generate a privacy and cookie policy for your site and app, by implementing a cookie notice with prior blocking, by tracking consents via our Consent Solution and by documenting your data processing activity with our Internal Privacy Management solution.


The requirements according to the GDPR

Privacy and Cookie Policy

Requirement

Websites are required to provide a privacy policy and cookie policy. Apps don't generally make use of cookies, but they require a privacy policy anyway.

Policies are invalid if they're missing the right information

In order to be compliant, your policy must describe the personal data collected and the purposes of their collection, list all the third parties the data is shared with and inform users of their rights in relation to their data.

What's the risk if I don't comply?

Solution

Privacy and Cookie Policy Generator

Customizable from 600+ clauses in 8 languages, automatically updated if the law changes


Cookie notice and prior blocking

Requirement

Websites need to comply with the ePrivacy directive (EU Cookie Law), which is still valid with the GDPR. In particular:

  • Provide a cookie policy
  • Display a cookie banner
  • Acquire consent for installing profiling cookies (e.g. via Google Analytics, Adsense etc.)
  • Release profiling cookies only when consent has been provided (prior consent)

Solution

Cookie Solution

All you need for the EU Cookie Law: cookie banner, prior blocking and asynchronous re-activation


Proof of consent

Requirement

In order to comply with privacy laws, especially the GDPR, companies need to store proof of consent so that they can demonstrate that consent was collected. They must be able to retrieve:

  • When consent was provided
  • By whom
  • Which preferences were expressed
  • Which legal or privacy notice they were presented with at the time
  • Which form they were presented with at the time

Solution

Consent Solution

The solution to easily track, store, manage and retrieve user consent


Record of processing activities

Requirement

In order to comply with privacy laws, especially the GDPR, companies need to keep a record of how they store and use the data they collect from users. In particular, they must document in writing:

  • Data retention policy for each processing activity
  • Security measures
  • Legal basis for processing
  • Data transfer outside of the EU, if any
  • The parties that you share the data with, both inside and outside of your organization

Solution

Internal Privacy Management

The solution to easily record all the data processing activity within your organization


Trusted by over 50,000 clients in 100+ countries

Opengov Martini MIT Goethe Universität Frankfurt Ustwo New York Code Co. honda


TRY BEFORE YOU BUY or STAY WITH THE FREE OPTION

1215012 policies already generated

FAQ

Who does the GDPR apply to?

Generally speaking, the GDPR can apply in 3 instances:

  • Where your base of operations is in the EU (this applies whether the processing takes place in the EU or not);
  • where, even though you're not established in the EU, you offer goods or services (even if the offer is for free) to people in the EU;
  • or where you're not established in the EU but monitor (track, or process) the behavior of people who are in the EU.

Another useful clarification here concerns who is covered by the GDPR. A common misconception is that only EU users are covered by the protections of the GDPR; however, the protections of the GDPR also extend to users outside the EU if the data controller is EU based.


Are there consequences for non-compliance?

The legal consequences for non-compliance can include fines up to EUR 20 million (€20m) or 4% of the annual worldwide turnover (whichever is greater), but perhaps equally as concerning are the other potential sanctions that may be implemented against organizations found to be in violation. These sanctions include official reprimands (for first-time violations), periodic data protection audits (which can result in being barred from using data associated with the violation — including entire email lists) and liability damages.


A 360° solution to make your sites and apps compliant with the law

Compliance for websites and apps

Privacy and Cookie Policy Generator

Customizable from 600+ clauses in 8 languages, automatically updated if the law changes


Cookie Solution

All you need for the EU Cookie Law: cookie banner, prior blocking and asynchronous re-activation


Compliance for your organization

Consent Solution

The solution to easily track, store, manage and retrieve user consent


Internal Privacy Management

The solution to easily record all the data processing activity within your organization
