Iubenda logo
Start generating


Table of Contents

Cookie consent: what are the GDPR requirements?

There’s a lot of misinformation about how cookies relate to the GDPR, and responsibilities website owners have when it comes to consent. Does the GDPR apply to cookies? What are the GDPR cookie consent requirements?

In this article, we’ll clear up the confusion surrounding cookies and the GDPR and we’ll explore what’s required to obtain valid consent for cookies.

GDPR cookie consent requirements

But first, what exactly are cookies?

A cookie is a small file that’s sent from a website and stored on a user’s computer. Once installed, cookies can send information about the visitor’s activity back to the website and enable a more personalized user experience.

In the EU, cookies don’t fall directly under the GDPR. Instead, cookies are handled by the ePrivacy Directive (also known as Cookie Law). 

However, both laws now work together, complementing each other. 

More on cookies

This article is a part of our series on cookies and cookie consent. Read also:

👉 Third party cookies: What you need to know

Cookie consent: Cookie Law and GDPR

Cookie Law

If your website can be visited by European users, and it installs non-technical cookies, the Cookie Law requires you to:

  • provide a compliant cookie policy;
  • display a cookie banner at the user’s first visit;
  • block non-exempt cookies before obtaining user consent; and
  • release cookies only after informed consent has been provided.

Most importantly, you have to give visitors the opportunity to provide, withdraw or refuse consent. Prior to consent, no cookies — except for exempt cookies — can be installed.

💡 Click here for the complete overview


As we mentioned, the GDPR doesn’t directly apply to cookies, but still some of its requirements may extend to them as well. 

For example, while the Cookie Law does not explicitly require that you keep records of consent for cookies, in most cases cookies do process personal data. That’s why you may need to keep records of consent.

Moreover, many Data Protection Authorities across the EU have also aligned their cookie and tracker rules to GDPR requirements

Complying with GDPR cookie consent requirements is easy with iubenda!

The Cookie and Consent Preference Log is now available in our Privacy Controls and Cookie Solution. Simply integrate this feature with one click, and you can easily store and manage GDPR proofs of your users’ consent.

How iubenda can help you manage cookie consent

Our Privacy Controls and Cookie Solution allows you to manage all aspects of the Cookie Law. In particular, you can:

  • easily inform users via cookie banner and a dedicated cookie policy page;
  • obtain and save cookie consent settings;
  • preventively block cookies prior to consent;
  • keep track of consent and save consent settings for each user for up to 12 months from the last site visit; and
  • keep records of your users’ preferences about cookies.

About us


Cookie consent management for the ePrivacy, GDPR and CCPA


See also