GDPR + Cookie

Developed by

Not Version 9 Ready Yet.
Great tool to manage GDPR responsibilities on your website. Quick and easy to set up but with plenty of controls to …


GDPR stands for EU General Data Protection Regulation. This add-on will try to help you to make your website comply to this new regulation.

Who does the GDPR affect?

The GDPR not only applies to organisations located within the EU but it will also apply to organisations located outside of the EU if they offer goods or services to, or monitor the behaviour of, EU data subjects. It applies to all companies processing and holding the personal data of data subjects residing in the European Union, regardless of the company’s location.

What are the penalties for non-compliance?

Organizations can be fined up to 4% of annual global turnover for breaching GDPR or €20 Million. This is the maximum fine that can be imposed for the most serious infringements.

There is a tiered approach to the fines whereby a company can be fined 2% for not having their records in order (Article 28), not notifying the supervising authority and Data Subject about a security breach or for investigating and assessing the breach.

The GDPR add-on takes a lot of work out of your hands by providing a large set of tools.


  • It can scan several settings that might affect GDPR:
    • Is the connection secure?
    • Is email logging enabled?
    • The concrete5 background on the login page.
    • Is public registration enabled?
    • Is a non-default mail method active?
    • Are there geolocation services active?
  • It can scan blocks that might store / process user data:
    • It combines a manual list of block types with an automatic scan.
    • The automatic scan searches for files in the block folders for e.g. usage of the mail service or <form> tags.
    • It can mark block types as 'GDPR compliant'.
    • It can mark blocks on a page as 'GDPR compliant'.
    • It allows you to leave notes per block type on a page.
  • It can scan database tables that might store user data
    • It can mark tables as 'GDPR compliant'.
    • It marks core tables automatically as compliant depending on the current concrete5 version.
    • It allows you to leave notes per database table.
  • It can scan packages that might process user data
  • Various cleanup tools are provided:
    • Delete user logs when a user is deleted
      • Based on a user id
      • Based on an email address
      • Based on a username
    • Delete Express Form entries in bulk
      • It can install a job that automatically deletes express form entries.
      • Via a setting the number of days express form submissions may be kept before they are deleted can be controlled.
      • Via a setting it can be defined if associated files should also be deleted.
    • Delete Legacy Form entries
      • It can install a job that automatically deletes legacy form entries.
      • Via a setting to change the number of days legacy form submissions may be kept before they are deleted can be controlled.
    • It can install a job that can process data transfer requests.
    • It can delete or reassign orphaned files in bulk (files from users that have been deleted).
    • It can search and delete Log entries in bulk.
  • Data transfer
    • It shows you a list of data transfer requests.
    • It can install an automated job that processes requests.
    • It can send emails with a link to the secured download (via hash).
    • It can automatically expire those downloads.
    • It builds a zip file that contains user data (which can be enriched by other packages or custom code).
    • It contains a front-end block to request a data transfer.
    • See for more information the Data Transfer section.
  • Data breach
    • It adds the ability to notify users from a certain user group in case of a data breach.
    • The from email address, from name, subject, and email body can be customized.
  • Cookie consent
    • It can enable a cookie bar.
    • The colors and text are customizable and translatable.
    • It contains opt-in, opt-out, and notice options.
    • It enables or disables the tracking code depending on the consent.
  • A GDPR checklist helps you with the whole process
  • It can automatically remove user logs (based on user id, and/or email address, and/or user name).
  • It can disable tracking codes. (not delete, but disable!)
  • It can disable the concrete5 background image on the login page.
  • It can control settings regarding connections to

Translated to

  • English
  • German (tsilbermann & cahueya)
  • Dutch (a3020)
  • Italian (mlocati)

What others say about the GDPR addon

Cahueya: This Add-On is very well thought through and offers a lot of help for being GDPR compliant.

tsilbermann: With this add-on you have many different things that have to be considered for the GDPR in one place. Well done.

zuna: Fantastic addon.

j42: This plugin is very easy to use, self explanatory and works well so far. It is definitely worth the money - it not only saves you lots (!) of time, but it also makes sure you don't miss anything!


If you run an agency or just have a lot of websites, consider buying a pack.

Single license, $35  10 licenses, $249  Unlimited usage, $499

See all add-ons from A3020

Current Version: 1.8.3
Fully Translatable: Yes
Needs External Libraries: No
Compatible 8.2.1+
License: Standard
Support Response: Replies to tickets every few days.
Support Hosted: On
Needs extra server permissions: No
Needs Internet: No
Marketplace Tests:
Passed Automated Tests
Passed PRB Review