Articles on: Cookie Consent

🇪🇺 How to Ensure GDPR Compliance with Hoppy Cookie Consent

GDPR requires websites to obtain clear, informed, and granular consent before storing or accessing non-essential cookies on a visitor's device.


This means a compliant cookie banner must do more than simply notify visitors about cookies. Visitors must be able to understand what they're consenting to and have meaningful control over their privacy choices.


Hoppy GDPR EU Cookie Banner helps support GDPR compliance through:


  • Granular consent categories
  • Consent logging
  • Region targeting
  • Cookie scanning and classification
  • Data request handling
  • Google Consent Mode V2 support
  • TCF v2.3 support


This guide walks through the recommended setup process for creating a GDPR-focused consent experience on your Shopify store.



✅ Before You Begin


Before configuring your banner:


  • Install the Hoppy GDPR EU Cookie Banner app.
  • Ensure you have access to Shopify Admin and Theme Editor.
  • Create and publish a Privacy Policy page.
  • Understand which cookies and tracking tools your store uses.


⚠️ This guide is intended to help configure the app and does not constitute legal advice. For legal requirements specific to your business, consult a privacy professional.



🛠️ Step 1 — Enable the App Embed


The cookie banner cannot appear on your storefront unless the App Embed is enabled.


How to Enable


Navigate to:


Shopify Admin → Online Store → Themes → Customize → App Embeds


Then:


➡️ Locate Cookie PopUp/Banner


➡️ Enable the App Embed


➡️ Click Save


Expected Result


The cookie banner becomes eligible to display on your storefront.



🛠️ Step 2 — Create and Publish a Cookie Banner


After enabling the App Embed, create your banner configuration.


How to Configure


➡️ Open Hoppy GDPR EU Cookie Banner


➡️ Click Create New Cookie Banner


➡️ Configure the banner content


➡️ Click Save


➡️ Click Publish


Expected Result


The banner becomes active on your storefront.


⚠️ Saving alone does not make the banner live.



🛠️ Step 3 — Use the Preferences Banner Type


GDPR requires visitors to be able to make granular consent choices.


How to Configure


Navigate to:


Banner Settings → Behavior → Banner Type


Select:


Preferences


Expected Result


Visitors can:


✅ Accept consent


✅ Decline consent


✅ Configure individual consent categories


Why This Matters


The Preferences banner type allows visitors to independently manage:


  • Analytics cookies
  • Marketing cookies
  • Functional cookies


This provides the granular control expected under GDPR.



🛠️ Step 4 — Configure Decline Behavior


Visitors must be able to reject non-essential tracking.


How to Configure


Navigate to:


Banner Settings → Behavior → Decline Behavior



Deny All Cookies


Expected Result


When a visitor declines:


  • Analytics consent becomes denied.
  • Marketing consent becomes denied.
  • Functional consent becomes denied.
  • Consent is logged automatically.


Alternative Option


Don't Deny Cookies & Do Nothing


⚠️ This option is generally not recommended for GDPR-focused setups because it does not record an explicit refusal.



🛠️ Step 5 — Configure Consent Categories


Visitors must understand what each category controls.


How to Configure


Navigate to:


Banner Settings → Content → Preferences Popup


Review and customize:


  • Strictly Required
  • Analytics
  • Marketing
  • Functional


Expected Result


Each category clearly explains:


  • What cookies are used
  • Why they are used
  • What functionality they enable



Navigate to:


Cookie Scanner & Manager


Verify that cookies are assigned to the correct categories.


💡 Analytics and Marketing cookies should be reviewed carefully to ensure accurate classification.



🛠️ Step 6 — Configure Region Targeting


You can display different consent experiences based on visitor location.


How to Configure


Navigate to:


Banner Settings → Region


Then:


➡️ Select GDPR regions


➡️ Or choose specific countries manually


Expected Result


The banner appears only for the selected visitors.


Common Approaches


EU + UK Visitors Only


or


Show Banner Globally


Many merchants prefer a global approach to provide a consistent privacy experience.



🛠️ Step 7 — Add a Privacy Policy Link


Visitors must be able to review how their information is collected and used.


How to Configure


Navigate to:


Banner Settings → Behavior → Privacy Policy Link


Choose one of the following:


Option 1


Auto Generate Privacy Policy


Option 2


Use Specific Privacy Policy


Expected Result


Visitors can access your Privacy Policy directly from the cookie banner.


Your Privacy Policy should explain:


  • Which cookies are used
  • Why they are used
  • Who receives the data
  • How visitors can exercise their privacy rights



🛠️ Step 8 — Scan and Classify Cookies


Knowing which cookies exist on your store is an important part of maintaining compliance.


How to Configure


Navigate to:


Cookie Scanner & Manager


Then:


➡️ Run a scan


➡️ Review discovered cookies


➡️ Verify category assignments


➡️ Add missing cookies manually if necessary


Expected Result


Every cookie is assigned to the correct consent category.


Cookies that cannot be classified automatically should be reviewed manually.



🛠️ Step 9 — Verify Consent Logging


GDPR requires businesses to maintain records of consent.


How to Check


Navigate to:


GDPR EU Cookie Banner → Consent Logs


Information Stored


Consent records include:


  • Consent choices
  • Timestamp
  • Event ID
  • Page URL
  • Anonymized IP information


Expected Result


Visitor interactions are recorded automatically whenever consent is submitted.



🛠️ Step 10 — Enable Data Request Handling


GDPR grants visitors rights related to their personal data.


The app includes tools that help manage these requests.


How to Access


Navigate to:


Consent Logs → Data Requests


Supported Request Types


  • Access Account Information
  • Edit Account Information
  • Delete Account Information


Expected Result


Visitors can submit privacy-related requests and merchants can track those requests within the app.



🛠️ Step 11 — Enable TCF v2.3 (Optional)


Stores working with advertising vendors in GDPR regions may benefit from enabling TCF v2.3.


How to Configure


Navigate to:


Integrations → TCF


Then:


➡️ Enable TCF


➡️ Configure vendors


➡️ Save changes


Expected Result


Consent is collected using the IAB Transparency and Consent Framework.


This is especially useful when working with advertising technologies that rely on TCF signals.



🛠️ Step 12 — Add Translations (Optional)


If your store serves multiple countries, translations help ensure consent remains informed and understandable.


How to Configure


Navigate to:


GDPR EU Cookie Banner → Translation


Then:


➡️ Add a language


➡️ Translate banner content


➡️ Activate the translation


Important


The language must already exist in:


Shopify Admin → Settings → Languages


Expected Result


Visitors see banner content in their preferred language whenever a matching translation exists.



🛠️ Step 13 — Test the Entire Setup


Before considering the setup complete, test the visitor experience.



➡️ Open the storefront in an Incognito window.


➡️ Simulate a GDPR-region visitor if using region targeting.


➡️ Confirm the banner appears.


➡️ Open the Preferences popup.


➡️ Enable and disable consent categories.


➡️ Save preferences.


Verify That


✅ Consent records appear in Consent Logs.


✅ Privacy Policy links work correctly.


✅ Data Request forms are accessible.


✅ Non-essential scripts only load when consent is granted.


✅ Google Consent Mode and TCF integrations behave as expected.



⚠️ Important Compliance Notes



Visitors should not be forced to accept non-essential cookies in order to use the store.




Visitors should understand exactly what they are agreeing to before consent is collected.




Consent should be collected through a clear action such as:


Accept


Save Preferences


Decline




Review Consent Logs regularly and retain records appropriately.




If a visitor withdraws consent, the corresponding tracking technologies should stop operating.



Global Privacy Control Takes Priority


When GPC is enabled and detected:


Marketing → Denied


Sale of Data → Denied


These settings override previously granted consent.




Cookies and integrations often change over time.


Periodic scans help ensure cookie classifications remain accurate.



🎉 Final Result


✅ Visitors can provide granular consent through the Preferences popup.


✅ Consent categories are clearly explained and properly configured.


✅ Consent records are stored automatically.


✅ Privacy Policy access is available directly from the banner.


✅ Cookie classifications remain organized and reviewable.


✅ GDPR-related privacy requests can be managed through the app.


✅ Google Consent Mode V2 and TCF v2.3 can be integrated when needed.


Following these steps helps create a transparent consent experience while ensuring visitor choices are respected across your storefront and connected integrations. ✨

Updated on: 14/07/2026

Was this article helpful?

Share your feedback

Cancel

Thank you!