Last updated: March 2026
Building a website or app that respects users’ privacy shouldn’t be that difficult. But, due to new technologies, tracking methods, and changing regional and EU-wide laws, it is. In fact, it’s incredibly easy to create a website that violates numerous privacy laws without even knowing it.
The reason for this is simple: the onus for compliance is not on the companies which provide the CMS, analytics package, cookie banner and other services you use. It’s on you, the website owner. So while many of these services can be compliant with European privacy laws, they are not compliant out-of-the-box.
So what do you need to know to be compliant? The short version:
- GDPR is Europe’s overarching data protection law.
- The ePrivacy Directive specifically covers cookies and electronic marketing.
Together, they set the rules for any website that has European visitors.
Full contents
1. General Data Protection Regulation (GDPR)
NEED TO KNOW
The big one. Europe’s overarching data protection law. If you collect any personal data from EU visitors (names, emails, even IP addresses) GDPR applies to you. If you’re the kind of person who likes to understand the ins and outs of the laws you need to comply with, we’ve got your bedtime reading sorted.
- GDPR Overview: What it is and what it means
- The 7 GDPR Principles in plain English
- The 6 Legal Bases for processing data
- Data Subject Rights — What your users can ask for
- What your privacy policy must include
- Do you need a Data Protection Officer?
2. ePrivacy
NEED TO KNOW
The cookie law. The ePrivacy Directive is the reason cookie banners exist. It covers cookies and tracking technology, electronic marketing (email, SMS etc.), and the confidentiality of communications.
- ePrivacy: What it is and why it matters
- Cookie Categories — which ones need consent?
- ePrivacy country by country
3. GDPR-compliant web analytics
Website Analytics is perhaps the biggest area of accidental non-compliance with GDPR and ePrivacy, simply because many website owners do not understand what they are installing, or how to configure it correctly.
- Analytics Tools and GDPR
- Google Analytics 4 and GDPR
- Adobe Analytics and GDPR
- Microsoft Clarity and GDPR
- Mixpanel and GDPR
- Hotjar and GDPR
Why trust this hub?
It might sound boring, but we’re passionate about digital privacy. Data collection on an industrial scale has been the norm for too long and, while laws are slowly catching up, implementation is only getting harder. The normal patchwork tech and martech stack required by modern businesses is painful for website owners to maintain, and almost impossible for non-technical legal teams to understand.
We’re building a modern alternative that bundles analytics, cookie consent, tag management and plenty more tools into a single cookieless and privacy-respecting tool. It’s open source, so you know there’s nothing strange hidden in the source code. It’s also self-hosted, so you can keep all your data within your own infrastructure. We’d love for you to give it a try.