GDPR guide
The General Data Protection Regulation (GDPR) is the privacy law that applies to anyone collecting personal data from people in the European Union, plus the UK and several other European countries. This page explains what the GDPR expects from your website, and how One Privacy helps you meet those expectations.
Who the GDPR applies to
You're affected by the GDPR if any of these are true:
Your business is based in the EU, UK, or EEA.
You sell to or market to people in those regions.
Your website attracts visitors from those regions.
In practice, almost every public website on the internet has GDPR considerations.
What the GDPR expects from your website
A few rules that matter most for cookies and tracking:
Consent before non-essential cookies. Cookies that aren't strictly necessary (analytics, marketing, personalization) require the visitor's permission before they run.
Consent must be a clear, affirmative action. Pre-ticked boxes don't count. Visitors must actively choose to accept.
Reject is as easy as Accept. A "Reject All" must be just as findable and just as easy to click as "Accept All".
Granular choice. Visitors should be able to accept some categories and reject others.
Easy to change. Visitors must be able to change their mind any time, after the initial choice.
A record of consent. You should be able to demonstrate when and how each consent was given.
How One Privacy helps
Opt-in banner with three clear actions. Accept All, Reject All, and Manage Settings, all on the first banner. See Visibility settings.
Granular categories. Visitors can accept Functional and reject Marketing in two clicks. See Cookie settings popup.
A way to come back. The persistent floating button lets visitors reopen their preferences any time. See Floating cookie settings button.
A complete consent record. Every Accept, Reject, and change is saved, with timestamps and the categories chosen. See Consent audit overview.
Region-aware behavior. If you serve a global audience, set up a geo rule that targets EU visitors with the strictest banner. See GDPR vs CCPA rules.
What's still on you
One Privacy handles the consent layer. To fully comply with the GDPR, your business will also need to:
Have a clear lawful basis documented for any processing that doesn't depend on consent (legitimate interest, contract, legal obligation, etc.).
Provide a way for visitors to exercise their data subject rights (access, deletion, portability).
Have a process for data breach notification within 72 hours.
Your legal team can help with these. One Privacy keeps the cookie and consent part working for you.