Compliance
Practical guidance on meeting data protection requirements across jurisdictions, from implementation steps to ongoing compliance management. Learn how to audit your website for compliance gaps, set up proper consent mechanisms, maintain documentation, and prepare for regulatory inspections and enforcement actions.
Amazon Consent Signal (ACS): What It Is, How It Works, and Why Your Website Needs It
Amazon Consent Signal (ACS) is Amazon's proprietary consent framework for communicating user privacy choices to Amazon Ads. If your website runs Amazon advertising in the UK or EEA, you must pass a valid consent signal - either through IAB TCF or ACS - or risk losing campaign functionality.
WordPress Session Cookies: What They Are, How They Work, and When You Need Consent
WordPress sets several session cookies by default to handle authentication, admin preferences, and comment forms. Most qualify as strictly necessary under the ePrivacy Directive, but third-party plugins and WooCommerce extensions can add session cookies that fall outside that exemption.
Scheduled Cookie Scans: Why a One-Off Audit Is Never Enough
A single cookie scan tells you what your site sets right now. Scheduled scans tell you what changed since last time - new third-party scripts, miscategorised trackers, or consent gaps that appeared after a plugin update. For any site that adds content, embeds tools, or installs integrations, automated recurring scans are the only reliable way to keep cookie declarations accurate and stay on the right side of GDPR, the ePrivacy Directive, and CCPA.
CCPA Data Classification: The 11 Categories of Personal Information Your Website Might Collect
California's CCPA classifies personal information into 11 distinct categories, from direct identifiers like names and IP addresses to inferences drawn from browsing behaviour. Understanding which categories your website collects through cookies and tracking scripts is the first step toward compliance.
What Are Google Ads Cookies? How They Work, Which Ones Your Site Sets, and How to Stay Compliant
Google Ads relies on a handful of first-party and third-party cookies to track conversions, build remarketing audiences, and measure campaign performance. Every one of these cookies falls under advertising or analytics categories, which means consent is required before they fire in the EU, UK, and most other jurisdictions with cookie laws.
The CAN-SPAM Act: A Compliance Guide for Businesses Sending Commercial Email
The CAN-SPAM Act regulates every commercial email sent to a US recipient, including B2B messages. Penalties reach $53,088 per non-compliant email, and the FTC imposed its largest-ever CAN-SPAM fine of $2.95 million in 2024. This guide covers the seven core requirements, how they differ from GDPR, and what to do next.
How to Comply with Google's EU User Consent Policy: A Step-by-Step Guide
Google now enforces its EU User Consent Policy through Consent Mode v2, disabling conversion tracking, remarketing, and audience building for non-compliant websites. This guide explains what the policy requires, how enforcement works since July 2025, and the practical steps to bring your site into compliance.
Japan's Act on the Protection of Personal Information (APPI): What Website Owners Need to Know
Japan's Act on the Protection of Personal Information (APPI) governs how businesses collect, use, and transfer the personal data of individuals in Japan. Unlike the GDPR, APPI does not treat cookies as personal information by default - but recent amendments to the Telecommunications Business Act now regulate how cookie data is transmitted to third parties.
What Is the UAE PDPL? A Practical Guide to the Personal Data Protection Law for Website Owners
The UAE's Personal Data Protection Law (PDPL) sets out strict rules on how organisations collect, store, and process personal data of individuals in the Emirates. With fines reaching AED 5 million and executive regulations still pending, the law sits in an unusual space - already binding in principle, yet still awaiting the details that will trigger full enforcement.