16. August 2022

Personal data

GDPR-compliant data processing explained

By Mira Suleimenova

Compliant data processing: the GDPR explained

The GDPR is the centerpiece of EU privacy law. It applies to the processing of all personal data, i.e. data, which can be attributed to a specific person.
After the initial access to the information on the end user device through cookies or other web trackers is established, all of your subsequent processing, e.g. forwarding usage data for reach measurement or targeted advertising, is no longer covered by the ePrivacy Directive and is to be measured solely against the standard of the GDPR.

Controller & Processor

If you operate a website, you are considered a controller within the meaning of GDPR regarding the processes you have influence on, namely the collection and transmission of personal data on your website. Therefore, you must thoroughly inform your visitors about the scope, purpose and legal basis of your data processing.

If you let another (natural or legal) person process the personal data on your website for you, this person is considered a processor under GDPR. In such cases, you must conclude a data processing agreement with your processors, which guarantees compliance with the GDPR level of data protection through sufficient technical and organizational measures.

Data processing legal bases & activities

The GDPR gives you more flexibility regarding the justification of your data processing than the ePrivacy Directive as there are more legal bases available. Commonly, data processing is based either on user consent, performance of contract or a legitimate interest. The pursuit of a legitimate interest comes into consideration only if the processing is necessary for your legitimate interests.

Please be aware that this only serves informational purposes and does not constitute legal advice.



Case Study – How Pixum generated up to 44% more orders in Safari browsers with JENTIS


What is Server-Side Tracking?

A detailed overview of server-side tracking for online marketers and web analysts. Learn if it is the right fit for you and your marketing.


Google Consent Mode V2 in two minutes

Google’s new Consent Mode V2 requires you to adjust your tracking settings by March 2024. Here's what you need to know.