🇪🇺 How to Ensure GDPR Compliance with Hoppy Cookie Consent
GDPR requires websites to obtain clear, informed, and granular consent before storing or accessing non-essential cookies on a visitor's device.
This means a compliant cookie banner must do more than simply notify visitors about cookies. Visitors must be able to understand what they're consenting to and have meaningful control over their privacy choices.
Hoppy GDPR EU Cookie Banner helps support GDPR compliance through:
- Granular consent categories
- Consent logging
- Region targeting
- Cookie scanning and classification
- Data request handling
- Google Consent Mode V2 support
- TCF v2.3 support
This guide walks through the recommended setup process for creating a GDPR-focused consent experience on your Shopify store.
✅ Before You Begin
Before configuring your banner:
- Install the Hoppy GDPR EU Cookie Banner app.
- Ensure you have access to Shopify Admin and Theme Editor.
- Create and publish a Privacy Policy page.
- Understand which cookies and tracking tools your store uses.
⚠️ This guide is intended to help configure the app and does not constitute legal advice. For legal requirements specific to your business, consult a privacy professional.
🛠️ Step 1 — Enable the App Embed
The cookie banner cannot appear on your storefront unless the App Embed is enabled.
How to Enable
Navigate to:
Shopify Admin → Online Store → Themes → Customize → App Embeds
Then:
➡️ Locate Cookie PopUp/Banner
➡️ Enable the App Embed
➡️ Click Save
Expected Result
The cookie banner becomes eligible to display on your storefront.
🛠️ Step 2 — Create and Publish a Cookie Banner
After enabling the App Embed, create your banner configuration.
How to Configure
➡️ Open Hoppy GDPR EU Cookie Banner
➡️ Click Create New Cookie Banner
➡️ Configure the banner content
➡️ Click Save
➡️ Click Publish
Expected Result
The banner becomes active on your storefront.
⚠️ Saving alone does not make the banner live.
🛠️ Step 3 — Use the Preferences Banner Type
GDPR requires visitors to be able to make granular consent choices.
How to Configure
Navigate to:
Banner Settings → Behavior → Banner Type
Select:
Preferences
Expected Result
Visitors can:
✅ Accept consent
✅ Decline consent
✅ Configure individual consent categories
Why This Matters
The Preferences banner type allows visitors to independently manage:
- Analytics cookies
- Marketing cookies
- Functional cookies
This provides the granular control expected under GDPR.
🛠️ Step 4 — Configure Decline Behavior
Visitors must be able to reject non-essential tracking.
How to Configure
Navigate to:
Banner Settings → Behavior → Decline Behavior
Recommended Option
Deny All Cookies
Expected Result
When a visitor declines:
- Analytics consent becomes denied.
- Marketing consent becomes denied.
- Functional consent becomes denied.
- Consent is logged automatically.
Alternative Option
Don't Deny Cookies & Do Nothing
⚠️ This option is generally not recommended for GDPR-focused setups because it does not record an explicit refusal.
🛠️ Step 5 — Configure Consent Categories
Visitors must understand what each category controls.
How to Configure
Navigate to:
Banner Settings → Content → Preferences Popup
Review and customize:
- Strictly Required
- Analytics
- Marketing
- Functional
Expected Result
Each category clearly explains:
- What cookies are used
- Why they are used
- What functionality they enable
Review Cookie Assignments
Navigate to:
Cookie Scanner & Manager
Verify that cookies are assigned to the correct categories.
💡 Analytics and Marketing cookies should be reviewed carefully to ensure accurate classification.
🛠️ Step 6 — Configure Region Targeting
You can display different consent experiences based on visitor location.
How to Configure
Navigate to:
Banner Settings → Region
Then:
➡️ Select GDPR regions
➡️ Or choose specific countries manually
Expected Result
The banner appears only for the selected visitors.
Common Approaches
EU + UK Visitors Only
or
Show Banner Globally
Many merchants prefer a global approach to provide a consistent privacy experience.
🛠️ Step 7 — Add a Privacy Policy Link
Visitors must be able to review how their information is collected and used.
How to Configure
Navigate to:
Banner Settings → Behavior → Privacy Policy Link
Choose one of the following:
Option 1
Auto Generate Privacy Policy
Option 2
Use Specific Privacy Policy
Expected Result
Visitors can access your Privacy Policy directly from the cookie banner.
Your Privacy Policy should explain:
- Which cookies are used
- Why they are used
- Who receives the data
- How visitors can exercise their privacy rights
🛠️ Step 8 — Scan and Classify Cookies
Knowing which cookies exist on your store is an important part of maintaining compliance.
How to Configure
Navigate to:
Cookie Scanner & Manager
Then:
➡️ Run a scan
➡️ Review discovered cookies
➡️ Verify category assignments
➡️ Add missing cookies manually if necessary
Expected Result
Every cookie is assigned to the correct consent category.
Cookies that cannot be classified automatically should be reviewed manually.
🛠️ Step 9 — Verify Consent Logging
GDPR requires businesses to maintain records of consent.
How to Check
Navigate to:
GDPR EU Cookie Banner → Consent Logs
Information Stored
Consent records include:
- Consent choices
- Timestamp
- Event ID
- Page URL
- Anonymized IP information
Expected Result
Visitor interactions are recorded automatically whenever consent is submitted.
🛠️ Step 10 — Enable Data Request Handling
GDPR grants visitors rights related to their personal data.
The app includes tools that help manage these requests.
How to Access
Navigate to:
Consent Logs → Data Requests
Supported Request Types
- Access Account Information
- Edit Account Information
- Delete Account Information
Expected Result
Visitors can submit privacy-related requests and merchants can track those requests within the app.
🛠️ Step 11 — Enable TCF v2.3 (Optional)
Stores working with advertising vendors in GDPR regions may benefit from enabling TCF v2.3.
How to Configure
Navigate to:
Integrations → TCF
Then:
➡️ Enable TCF
➡️ Configure vendors
➡️ Save changes
Expected Result
Consent is collected using the IAB Transparency and Consent Framework.
This is especially useful when working with advertising technologies that rely on TCF signals.
🛠️ Step 12 — Add Translations (Optional)
If your store serves multiple countries, translations help ensure consent remains informed and understandable.
How to Configure
Navigate to:
GDPR EU Cookie Banner → Translation
Then:
➡️ Add a language
➡️ Translate banner content
➡️ Activate the translation
Important
The language must already exist in:
Shopify Admin → Settings → Languages
Expected Result
Visitors see banner content in their preferred language whenever a matching translation exists.
🛠️ Step 13 — Test the Entire Setup
Before considering the setup complete, test the visitor experience.
Recommended Testing Process
➡️ Open the storefront in an Incognito window.
➡️ Simulate a GDPR-region visitor if using region targeting.
➡️ Confirm the banner appears.
➡️ Open the Preferences popup.
➡️ Enable and disable consent categories.
➡️ Save preferences.
Verify That
✅ Consent records appear in Consent Logs.
✅ Privacy Policy links work correctly.
✅ Data Request forms are accessible.
✅ Non-essential scripts only load when consent is granted.
✅ Google Consent Mode and TCF integrations behave as expected.
⚠️ Important Compliance Notes
Consent Must Be Freely Given
Visitors should not be forced to accept non-essential cookies in order to use the store.
Consent Must Be Specific
Visitors should understand exactly what they are agreeing to before consent is collected.
Consent Must Be Unambiguous
Consent should be collected through a clear action such as:
Accept
Save Preferences
Decline
Consent Records Should Be Maintained
Review Consent Logs regularly and retain records appropriately.
Consent Withdrawal Must Be Respected
If a visitor withdraws consent, the corresponding tracking technologies should stop operating.
Global Privacy Control Takes Priority
When GPC is enabled and detected:
Marketing → Denied
Sale of Data → Denied
These settings override previously granted consent.
Review Cookie Usage Regularly
Cookies and integrations often change over time.
Periodic scans help ensure cookie classifications remain accurate.
🎉 Final Result
✅ Visitors can provide granular consent through the Preferences popup.
✅ Consent categories are clearly explained and properly configured.
✅ Consent records are stored automatically.
✅ Privacy Policy access is available directly from the banner.
✅ Cookie classifications remain organized and reviewable.
✅ GDPR-related privacy requests can be managed through the app.
✅ Google Consent Mode V2 and TCF v2.3 can be integrated when needed.
Following these steps helps create a transparent consent experience while ensuring visitor choices are respected across your storefront and connected integrations. ✨
Updated on: 14/07/2026
Thank you!