GDPR for Shopify

GDPR compliance for Shopify, in five minutes.

Default-deny banner, Google Consent Mode v2, geo-targeted to EU/UK visitors, and an audit-ready consent log — installed without code in under five minutes. Free under 5,000 banner views per month.

  • Article 5(3) script blocking
  • Google Consent Mode v2 native
  • GDPR webhooks handled

Everything GDPR requires, none of the developer time.

Built around Shopify's Customer Privacy API and theme app extension architecture, so it survives theme updates and uninstalls cleanly.

Default-deny banner

Three-layer script blocking ensures GA4, Meta Pixel, TikTok, and Klaviyo never fire before consent — not just record-and-decorate, actual blocking.

Geo-targeted to the EU

Show the banner only to EU/UK/EEA visitors so US customers aren't bothered. Geo-IP detection on the edge, no extra setup.

Cookie scanner

Crawls up to 500 pages of your storefront and reports every cookie set, every script loaded, and a 0–100 compliance score.

Audit-ready consent log

Every consent decision is logged with hashed IP, timestamp, region, and banner version. Exportable as CSV for DPA audits.

Per-cookie disclosure

GDPR Article 13 requires you to tell visitors what each cookie does. We auto-generate this from the scan, kept in sync with your store.

Right-to-erasure handled

Shopify's GDPR webhooks (customers/data_request, customers/redact, shop/redact) are wired correctly so deletion requests propagate within 30 days.

The four-step setup

  1. Install from the Shopify App Store

    One click. Free to install. Approves the read_themes scope so we can detect whether the banner embed is enabled.

  2. Pick 'EU/UK' compliance posture

    Onboarding picks the right defaults: default-deny, granular categories, EU-targeted geo lock.

  3. Enable the theme app embed

    Click the deep link, flip the toggle, click Save. No code, no theme.liquid edits.

  4. Run a cookie scan

    Catalogues every cookie and tracker. Generates the per-cookie disclosure for your preferences modal.

GDPR FAQ for Shopify merchants

Do all Shopify stores need to be GDPR compliant?
If your store has any visitors from the EU, UK, EEA, or Switzerland, yes. GDPR (Article 5(3)) requires opt-in consent before non-essential cookies are set. Shopify's stock storefront does not block tracking scripts before consent, so you need a third-party CMP.

Is Shopify's built-in cookie banner GDPR compliant?
No. The Dawn 12+ built-in banner records the user's choice but does not block tracking scripts (GA4, Meta Pixel, Klaviyo) before consent. It also doesn't provide granular per-category consent or a consent log — both required by GDPR for proof of compliance.

What's the fine for GDPR non-compliance?
Up to 4% of global annual revenue or €20M, whichever is greater. In practice, small Shopify stores typically face fines from €5,000 to €50,000 from individual EU data protection authorities (DPAs) when complaints are filed by watchdog groups like NOYB.

Can I just block all EU traffic instead?
Technically yes, but it's a bad commercial decision unless you genuinely don't sell to the EU. Geo-blocking has to be airtight (VPNs and proxies will leak), and you still need to handle accidental EU customers correctly. Adding a compliant banner is faster and cheaper.

Does Consentico handle GDPR webhooks?
Yes. Consentico implements the three required Shopify GDPR webhooks (customers/data_request, customers/redact, shop/redact) and processes deletion requests within 30 days as required by Article 17 of GDPR.

Ready in five minutes. No code, no card.

Free forever for stores under 5,000 banner views per month.