GDPR Cookie Consent: Requirements & How to Comply?

Table of contents

What are the two types of consent regimes?

When it comes to relying on a user’s consent as a lawful basis of data processing, global privacy regulations can be classified as either an opt-in or opt-out consent regime.

Opt-in consent

In an opt-in consent regime, user consent is required before processing their personal data, and users are explicitly asked to provide their consent and they are free to grant or deny consent. Some of the examples of opt-in consent regimes are the European Union, Brazil, and New Zealand.

Opt-out consent

In an opt-out consent regime, the user’s consent is not required before the processing of personal data. However, organizations are still required to provide users an option to object to the processing of their data and provide relevant information about the use of cookies. Some of the examples of opt-out consent regimes are the United States, Hong Kong, and Estonia.

Is European Union an opt-in consent regime?

The General Data Protection Regulation (GDPR) and e-Privacy Directive are two major laws that govern the use of cookies and other tracking technologies in the European Union (EU).

How do organizations collect user consent?

Organizations subject to GDPR and e-Privacy Directive must ensure that the cookie consent banner includes the following:

How Securiti can help?

Where organizations leverage consent as a legal basis of data processing, they must ensure that all elements of valid consent are fulfilled. Securiti’s PrivacyOps approach, based on automation, enables organizations to ensure adequate fulfillment of valid consent and effective cookie consent management in the following manner:



Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store