The General Data Protection Regulation (GDPR) is the EU's data protection law that applies to any website that processes personal data of EU residents. Non-compliance can result in fines of up to 20 million euros or 4% of global annual revenue.
What GDPR Requires for Cookies
Under GDPR and the ePrivacy Directive:
1. Prior consent - you must obtain explicit consent before setting non-essential cookies
2. Informed consent - visitors must be told what cookies are used and why
3. Granular consent - visitors must be able to accept or reject individual cookie categories
4. Easy withdrawal - it must be as easy to withdraw consent as to give it
5. Proof of consent - you must maintain records of consent for auditing
How LegalBanner Satisfies Each Requirement
| Requirement | LegalBanner Feature |
|-------------|-------------------|
| Prior consent | SDK blocks all non-essential scripts until consent is given |
| Informed consent | Banner displays cookie categories with descriptions |
| Granular consent | Four consent categories: Essential, Analytics, Marketing, Functional |
| Easy withdrawal | Visitors can change preferences anytime via the floating preferences button |
| Proof of consent | Consent events are logged with timestamp, IP hash, user agent, and choices |
Consent Log Retention
GDPR does not specify an exact retention period for consent records, but regulators expect you to retain them for a "reasonable" period. LegalBanner retention by plan:
- Free: 7 days
- Starter: 1 year
- Pro: 5 years
Data Processing
LegalBanner processes consent events on your behalf. The data stored includes:
- Hashed IP address (not the full IP)
- User agent string
- Consent choices per category
- Timestamp
- Banner version shown
No personal data beyond what is necessary for consent management is collected or stored.
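
As an added illustration (not LegalBanner's own code), the sketch below builds a consent event containing only the fields listed above and checks it against the per-plan retention periods. The field names, the function names, the use of HMAC-SHA-256 with a secret key for the IP hash, the 365-day year and the always-on Essential category are assumptions; the page does not say how the IP is hashed.

```python
import hashlib
import hmac
import ipaddress
from datetime import datetime, timedelta, timezone

# Retention periods from the plan list above, in days (1 year taken as 365 days).
RETENTION_DAYS = {"free": 7, "starter": 365, "pro": 5 * 365}
CATEGORIES = ("essential", "analytics", "marketing", "functional")


def hash_ip(ip: str, key: bytes) -> str:
    """Keyed hash of the IP (assumption: HMAC-SHA-256 with a server-side key).

    An unkeyed hash of an IPv4 address can be reversed by hashing all 2**32
    addresses, so the secret key is what keeps the stored value pseudonymous.
    """
    # Normalise first so equivalent spellings of one address hash identically.
    canonical = ipaddress.ip_address(ip).compressed
    return hmac.new(key, canonical.encode("ascii"), hashlib.sha256).hexdigest()


def build_consent_event(ip, user_agent, choices, banner_version, key, now=None):
    """Return a log record holding only the fields listed on the page."""
    unknown = set(choices) - set(CATEGORIES)
    if unknown:
        raise ValueError(f"unknown consent categories: {sorted(unknown)}")
    # Anything not explicitly accepted is recorded as rejected.
    recorded = {c: bool(choices.get(c, False)) for c in CATEGORIES}
    recorded["essential"] = True  # assumption: essential cookies are always on
    now = now or datetime.now(timezone.utc)
    return {
        "ip_hash": hash_ip(ip, key),  # the raw IP is never stored
        "user_agent": user_agent,
        "choices": recorded,
        "timestamp": now.isoformat(),
        "banner_version": banner_version,
    }


def is_expired(event, plan, now=None):
    """True once the event is older than the plan's retention period."""
    now = now or datetime.now(timezone.utc)
    age = now - datetime.fromisoformat(event["timestamp"])
    return age > timedelta(days=RETENTION_DAYS[plan])
```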