GDPR vs CCPA: what Webflow sites need to know

A practical guide to the two major consent regulations — what they require, and how to comply.

theConsent Team


Whether your Webflow site serves EU users, California residents, or both, you need a consent banner. But GDPR and CCPA have very different requirements.

GDPR (European Union)

The General Data Protection Regulation requires opt-in consent for non-essential cookies. Visitors must:

  • See a banner before any non-essential cookies are set
  • Be able to reject as easily as accept (no "Accept all" without an equivalent "Reject all")
  • Be able to grant or deny each category individually
  • Be able to withdraw consent at any time

CCPA / CPRA (California)

The California Consumer Privacy Act and its amendment (CPRA) use an opt-out model. Sites must:

  • Provide a "Do Not Sell or Share My Personal Information" link
  • Honor the Global Privacy Control browser signal as an opt-out
  • Allow visitors to opt out of data sharing for targeted advertising

How theConsent handles both

theConsent ships with both consent models built in. Geo targeting (Pro+) lets you show the GDPR banner to EU visitors and a simplified opt-out interface to California visitors. GPC is respected by default.

Penalties

  • GDPR: up to €20M or 4% of global annual revenue, whichever is higher
  • CCPA: $7,500 per intentional violation, $2,500 per unintentional

theConsent is not legal advice. Consult a lawyer for your specific situation.