GDPR Compliance

The General Data Protection Regulation (GDPR) is a comprehensive data protection law that came into force on 25 May 2018. It applies to all organisations that process personal data of EU residents, regardless of where the organisation is based. Non-compliance can result in fines of up to €20 million or 4% of global annual turnover, whichever is higher.

GDPR applies to you if your website or app:

• Is accessible to users in the European Union
• Collects personal data (e.g., names, emails, IP addresses, cookie identifiers)
• Uses analytics, advertising, or functional cookies

If you use any third-party tools (Google Analytics, Facebook Pixel, HubSpot, etc.), you almost certainly need a GDPR-compliant cookie consent solution.

Under GDPR, consent must be:

• Freely given — no pre-ticked boxes or consent bundled with other agreements
• Specific — separate consent for each purpose (analytics, marketing, etc.)
• Informed — users must know what they're consenting to
• Unambiguous — a clear affirmative action (e.g., clicking "Accept")
• Withdrawable — users can change their mind at any time

Cookify's consent banners are built to satisfy all five requirements out of the box.

Cookify maintains the following certifications and standards:

• SOC 2 Type II certified
• ISO 27001 in progress
• GDPR Data Processing Agreement available for all customers
• EU Standard Contractual Clauses (SCCs) in place
• Hosted on AWS EU-WEST-1 (Dublin, Ireland)

Our compliance team is here to help. Email us at gdpr@cookify.io or visit support.