Iubenda logo
New California's Consumer Privacy Act (CCPA) enforceable from January 1st. Find out how to comply ->

GDPR compliance for your site, app and organization

GDPR compliance can be a technical and logistical challenge for individuals and organizations alike. Our solutions take the guesswork out of compliance and make it easy for you to meet GDPR requirements. Create a privacy & cookie policy in minutes, set-up your cookie banner with prior blocking, easily manage consent, maintain compliant processing records and more.

Not sure what you need? Getting started guide

Desktop icon Database icon Gear icon Earth icon
Consent icon Consent icon Consent icon Consent icon Consent icon Consent icon Consent icon Consent icon Consent icon Consent icon Consent icon Consent icon

Start generating

GDPR target shield icon

Does the GDPR apply to you?

The GDPR applies to organizations, companies, individuals, corporations, public authorities and other entities - including small businesses, charities and nonprofit organizations - that are either based in the EU, offer goods or services (even for free) to people in the EU, or that monitor the behaviour of people in the EU, either directly or as a third party.

What's required for GDPR compliance

GDPR world icon

Provide a Privacy and Cookie Policy

Requirement

Websites are required to provide a privacy policy and cookie policy. Apps don't generally make use of cookies, but they require a privacy policy anyway.

In order to meet GDPR disclosure and transparency requirements, this privacy information must be up-to-date, understandable, unambiguous, and easily accessible throughout the website or app.

Invalid document icon

Policies are invalid if they're missing the right information

In order to be compliant, your policy must at the very least:

  • describe the personal data collected and the purposes of their collection;
  • accurately list all the third parties the data is shared with; and
  • inform users of their rights in relation to their data.

Read more about what should be in a privacy policy

Solution
Privacy and Cookie Policy icon

Privacy and Cookie Policy Generator

Create your privacy and cookie policy in minutes.

Customizable from 1300+ clauses, available in 8 languages and automatically updated if the law changes, our generator allows you to create a legal document in minutes and seamlessly integrate it with your website or app.

Explore
Desktop cookie banner

Display a cookie banner and block cookies before consent

Requirement

If you operate in the EU or have EU users, and your website installs non-technical cookies, you need to comply with the ePrivacy Directive (Cookie Law), still valid under the GDPR.

In particular, you must:

Provide policy icon

Provide a compliant cookie policy

Display banner icon

Display a cookie banner at the user's first visit

Acquire consent icon

Block non-exempt cookies (e.g. via Google Analytics, Adsense etc.) before obtaining user consent

Profiling cookie icon

Release cookies only after informed consent has been provided (prior consent)

To ensure that their ad revenue is not negatively affected, Publishers should also consider meeting industry standards by

IAB TCF advertising preferences icon

utilizing IAB's Transparency and Consent Framework to allow users to set their advertising preferences

Explicit consent icon

collecting explicit consent to Google personalized ads

Solution
Cookie Solution icon

Cookie Solution

Manage consent preferences for the ePrivacy, GDPR, and CCPA. Integrated with the IAB TCF and US Privacy Framework.

Our solution allows you to display a fully customizable cookie banner, collect cookie consent, implement prior blocking, set advertising preferences, collect explicit consent to Google personalized ads and more.

Explore

Record and manage consent in a compliant way

Requirement

In order to make your forms GDPR compliant - regardless of how many users you have - consent must be freely given, informed, specific, and unambiguous.

Which means that your contact, newsletter and registration forms must clearly state your intentions, link to your privacy policy, and collect opt-in consent for different activities (pre-ticked checkboxes are forbidden).

You must also be able to demonstrate that consent was collected, retrieving:

User icon Plus icon Cursor icon
Checkmark empty icon Checkmark checked icon
Checkmark empty icon Checkmark checked icon
Cursor icon
Pencil icon Paper icon
Earth icon Shield icon
Acquire consent icon

When consent was provided

By whom icon

By whom

Which preferences icon

Which preferences were expressed

Provide policy icon

Which legal or privacy notice they were presented with at the time

Which form icon

Which form they were presented with at the time

Solution
Consent Solution icon

Consent Solution

Collect GDPR consent, document opt-ins and CCPA opt-outs via your web forms.

Our solution smoothly integrates with your consent collection forms, syncs with your legal documents and includes a user-friendly dashboard for reviewing consent records of your activities.

Explore
Checkmark marker icon Checkmark marker icon Checkmark marker icon Checkmark marker icon Pointed world icon

Maintain GDPR records of your processing activities

Requirement

To comply with the GDPR, you need to keep a record of how you store and use the data you collect from users.

In particular, you must document in writing:

Provide policy icon

Data retention policy for each processing activity

Security measures icon

Security measures

Legal basis icon

Legal basis for processing

Consent outside EU icon

Data transfer outside of the EU, if any

Profiling cookie icon

The parties that you share the data with, both inside and outside of your organization

Solution
Internal Privacy Management icon

Internal Privacy Management

Document all the data processing activity within your organization.

To comply with privacy laws, and particularly the GDPR, companies need to record how they store and use the data they collect from their users. Our solution allows you to easily document all the data processing activities within your organization.

Explore
Fine risk icon

Penalties and fines for GDPR non-compliance

The legal consequences for non-compliance can include fines up to €20 million or 4% of the annual worldwide turnover (whichever is greater). Not all GDPR infringements lead to fines: sanctions may include official reprimands, periodic data protection audits (which can result in being barred from using data associated with the violation — including entire email lists) and liability damages.

More about consequences of GDPR non-compliance

Trusted by over 60,000 clients in 100+ countries

Opengov logo Martini logo Mit logo Goethe logo Ustwo logo Newyorkcode logo Honda logo Jobtome logo The Spectator logo
Best reviewed GDPR Compliance Solution on Capterra with 5 stars

“If you, like me, are part of a smart team and hate updating your privacy policy every time you add some code to your site, then iubenda is for you. It's ridiculously affordable, and super easy to use.”

Start generating

TRY BEFORE YOU BUY or STAY WITH THE FREE OPTION

1542331 self-updating documents already generated

FAQ

What's considered personal data?

Personal data is information that relates to an identified or identifiable living person. This includes details that, when collected together, can lead to the identification of a person, like (but not limited to) name, IP address or personal email address.

Read More

What is a data breach and how to report it?

A personal data breach is a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data.

If an individual's data is breached, the individual must be notified as soon as possible and the supervisory authority notified within 72 hours of the breach's discovery.

Read More

A 360° solution to make your sites and apps compliant with the law

Compliance for websites and apps

Privacy and Cookie Policy icon

Privacy and Cookie Policy Generator

Create your privacy and cookie policy in minutes.

Customizable from 1300+ clauses, available in 8 languages and automatically updated if the law changes, our generator allows you to create a legal document in minutes and seamlessly integrate it with your website or app.

Explore
Cookie Solution icon

Cookie Solution

Manage consent preferences for the ePrivacy, GDPR, and CCPA. Integrated with the IAB TCF and US Privacy Framework.

Our solution allows you to display a fully customizable cookie banner, collect cookie consent, implement prior blocking, set advertising preferences, collect explicit consent to Google personalized ads and more.

Explore

Compliance for your organization

Consent Solution icon

Consent Solution

Collect GDPR consent, document opt-ins and CCPA opt-outs via your web forms.

Our solution smoothly integrates with your consent collection forms, syncs with your legal documents and includes a user-friendly dashboard for reviewing consent records of your activities.

Explore
Internal Privacy Management icon

Internal Privacy Management

Document all the data processing activity within your organization.

To comply with privacy laws, and particularly the GDPR, companies need to record how they store and use the data they collect from their users. Our solution allows you to easily document all the data processing activities within your organization.

Explore