Are you doing GDPR correctly?

November 15, 2021
Are you doing GDPR correctly?

As a website conversion software provider, it’s inevitable that our clients use our tools to obtain personal data. Our tools can naturally be used while completely abiding to GDPR as we host all of our customer data in Europe

But do our customers comply with GDPR from their own end? So many companies failed to comply. Some appear to comply but did not do it correctly. Whether it was intentional or not, they all had to pay a heavy fine that can go up to millions.

We want to lessen our customers’ stress about GDPR, consent, and cookies so we launched a GDPR Cookie Controller to provide an easy way for them to do GDPR correctly!

What is GDPR?

GDPR stands for General Data Protection Regulation that controls how companies handle personal data. 

To be GDPR compliant, consent as to how one’s personal data is processed must be “given by a clear affirmative act establishing freely given, specific, informed and unambiguous indication”. - GDPR, Recital 32.

How do you collect and store consent and data in such a way? With cookies.

What are cookies?

Cookies are what online services use to store user data on their own devices. When you enter a website and have to choose between “allow all cookies”, “don’t allow cookies”, or “customize your choices” by ticking on boxes, these are “clear affirmative acts” that establish the required consent mentioned above.

how to be GDPR compliant - cookies


Cookies are used so that a visitor can be identified as the same visitor on different visits to the website. A cookie can be generated when someone browses your website, adds a product to your cart, and puts their information in a contact form. 

There are 3 types of cookies: strictly necessary cookies, functional cookies, and marketing cookies.

how to be GDPR compliant - cookie choices


Strictly necessary cookies are needed to ensure the basic function of a website. For example, when you are adding a product to your cart, securely signing in, or paying bills online. It is the only type of cookie that is allowed by law to be collected without consent. However, users must still be informed of its presence and why it is being collected.

Functional cookies are needed for analytics tools to function on your website. For example, your Google Analytics and Hotjar tools.

Marketing cookies record your visit to a website, the pages you have visited, and the links you have followed. It is used to make website content and advertising more personalized to your interests. Your data may also be shared with third parties for this purpose. For example, your Facebook Pixel, which allows you to retarget website visitors on Facebook.

Are you collecting cookies correctly?

These are some of the latest GDPR updates (not all) on consent management and cookies:

  1. You should be able to say no as easily as you can say yes
  2. You should be able to withdraw consent as easily as giving consent
  3. Cookies must be classified and described
  4. The cookie mechanism must not block access
  5. An entry log must be kept from cookie selections
  6. Pre-ticked boxes are not “freely-given” consent
  7. Cookie notice that said “by using this site, you accept cookies.” is not valid consent.

Fines from not complying with GDPR

For less severe cases, Article 83(4) GDPR declares fines of up to “10 million euros, or, in the case of an undertaking, up to 2% of its entire global turnover of the preceding fiscal year, whichever is higher”.

For more severe cases, Article 83(5) GDPR, the maximum fine can be up to “20 million euros, or in the case of an undertaking, up to 4% of their total global turnover of the preceding fiscal year, whichever is higher”.

However, fines are handled on a case-by-case basis, so even the maximum fine can be bigger than what’s mentioned above. More on fines here.

GDPR only comes after big companies? Not!

You’ve read famous cases like Amazon being fined €746 million or WhatsApp €225 million. But these are big companies and these fines are pretty much just a slap on their wrists. Even for less severe cases, 2% of your entire global turnover is a huge financial blow for small growing companies.

For example, Secure Home Systems Ltd - a small home security and CCTV provider in the UK was fined £80,000 for making unsolicited phone calls to numbers they’ve purchased through a third-party data supplier but did not do their due diligence to ensure the consent was attached.

How easy is it to comply with GDPR?

Now that you know what is required to be GDPR compliant, even though it looks like a lot, it’s actually very easy to do it correctly with the Serviceform’s GDPR Cookie Controller!

But first thing first, you need to figure out what kind of cookies is your website collecting, are you doing it correctly and if you need a cookie compliance tool. You can use our free Cookie Checker for this: https://www.serviceform.com/cookie-checker.

The tool will scan for the most common cookies - and only from your front-page.

Try Servicefrom GDPR Cookie Controller

Let us worry about the cookies. Serviceform Cookie Controller is lawyer-approved, constantly updated with the latest GDPR, and translatable to any language.

If you want to see it in action, book a time with our chatbot to try the Cookie Controller!

The only cookies worth going crazy over are those yummy double chocolate chips cookies that your granny made 👵🍪


"I was expecting Serviceform just to move our traditional contact forms to their conversion tools to improve our customer experience.

I was surprised how I didn't have to spend more time on improving our conversions on the website. All I had to do was attend one simple onboarding meeting and they increased our website conversion by 47%"