This post is a part of Made @ HubSpot, an internal thought series through which we extract lessons from experiments conducted by our very own HubSpotters.
GDPR (General Data Protection Regulation) is an EU law that protects the personal data of EU users and regulates how businesses process and handle this data.
GDPR has been around since May 2018, and per the European Council ruling on October 1, 2019, businesses — including HubSpot — can only drop cookies once a user has given explicit consent (i.e., clicked “Yes” on a cookie banner).
In short, you can’t imply consent if users take no action on the banner and continue to browse the site. Before a site visitor has taken any action, you can only drop “strictly necessary” cookies — cookies that make your website function, such as a shopping cart.
Once the new GDPR ruling was introduced, businesses scrambled to…