Europe and UK (GDPR - General Data Protection Regulation)

What is the GDPR regulation and what is its scope?

GDPR can be regarded as the most robust set of data protection regulations globally, revolutionizing individuals' access to information about themselves and imposing limitations on organizations regarding the handling of personal data and cookie consent. GDPR came into force on May 25, 2018. European countries were granted the authority to tailor the regulations to meet their specific requirements. Within the United Kingdom, this adaptability led to the enactment of the Data Protection Act (2018), superseding the previous Data Protection Act of 1998.

At the core of GDPR lie personal data. Broadly speaking, this encompasses information that enables the direct or indirect identification of a living individual based on the available data. While some identifiers are obvious, such as a person's name, location data, or a clearly identifiable online username, others may not be immediately apparent. For instance, IP addresses and cookie identifiers can also fall under the scope of personal data.

Despite its origins in the EU, GDPR can extend its reach beyond the region, encompassing businesses headquartered elsewhere. If, for instance, a company in the United States conducts operations within the EU, GDPR may be applicable. Furthermore, it applies to any entity that controls the data of EU citizens, irrespective of its location.

If you want to know more about the different regulations you can access our article "Laws and regulations for each region"

What should a GDPR banner look like? 

To comply with the GDPR regulation, your consent banner should have the following characteristics:

• Include a Button to Accept Cookies: The text in the cookie banner and the button must make it clear that by clicking the button the user agrees to the deployment of cookies, this is known as Opt-in consent. 
• Include a Button to Reject Cookies: Must include a statement telling the user that they can deny the consent of data collection and a button that allows them to do so.
• Provide Detailed Information About Cookie Use: The cookie banner should contain information about why the website uses cookies. For example, does it collect data for analytics, advertising, or social media purposes?
• Alert the User if the Website Shares Data with Third-Party cookies: If the website shares the data collected through cookies with third parties the cookie banner should explain this.
• Link to the Website’s Cookie Policy: Here the website will provide further information about the cookies in use on the site, including a list of all the cookies.

Observations: Countries in this region need to use illow's GDPR banner.

If you want to know the different types of banner cookies that you can find on our platform, access our article "Types of banners you will find on our platform"