GDPR Compliance Made Easy

Confirm Consent

A simple and streamlined way to confirm a user’s initial acceptance or rejection of cookie collection

Select Purpose

A transparent system of verifying the intent of collecting a user’s cookies, and giving the option to opt in or out

Indicate Company

A comprehensive record of company-level information that allows users to monitor and control the recipients of cookie collection

Access Data Rights

A centralized database where users can review the latest privacy policies and information pertaining to their cookie collection

Install Tools In 3 Easy Steps

Step 1

Create or login to your existing account

Step 2

Copy your unique code

Step 3

Paste the code in your <head>

Our Stance on Consumers’ Privacy Rights 

ShareThis supports the IAB Europe’s GDPR Transparency & Consent Framework and believes this is an excellent way to keep the open web “open,” and to provide room for a robust advertising landscape that enables full transparency for all participants–starting with users. The IAB Framework is a cross-industry standard that supports publishers and their partners. The effort addresses “first parties”(publishers) and other suppliers of online services, who partner with “third parties” (solution providers like ShareThis). The goal is to enable digital media companies and relevant parties who work with them, to process user data via legal bases laid down by the GDPR directive, which puts data rights more openly in the hands of consumers.

Frequently Asked Questions

What is GDPR?

GDPR (General Data Protection Regulation) is a European regulation to provide EU citizens and residents with greater control of their personal data and to streamline the rules for international businesses working in Europe.

When does GDPR take effect and who has to comply with GDPR?

GDPR goes into effect May 25, 2018. GDPR affects all companies based in the EU as well as companies anywhere in the world that handle data related to EU residents.

What is “Personal Data” as it relates to GDPR?

Under GDPR personal data refers to any information that can directly or indirectly identify an individual. Personal information ShareThis collects includes cookies and IP addresses. We do not collect emails, addresses, phone numbers, or national ID numbers which is also considered personal information.  

What is a Data Protection Officer (DPO)?

A DPO is required for companies that handle large scale processing of data. The DPO’s role is to monitor the company’s compliance under GDPR and to communicate with the data protection authorities. ShareThis is working with a DPO.

What is a CMP?

A consent management platform (CMP) is a tool that collects and stores consented data as well as communicates the consent status of users and their cookies to other vendors within the CMP’s framework. It is customizable by the publisher and editable by the consumer.

Are you a member of any self-regulating programs or organizations? Have you any data-related certification?

ShareThis is a member of the IAB, NAI, and DAA in the North American markets and EDAA in Europe.

How do you manage requests from individuals regarding their data?

For consumers who wish not to have their data processed, or to request withdrawal of consent or deletion of data, our existing opt-out procedure can be found on our privacy page or emailed to privacy@sharethis.com.

How long can you keep personal data?

We believe Usage Data is relevant for up to 13 months so we retain that data for up to 14 months from the date of collection.  Our cookies expire 13 months after they are last updated.

What do I need to do to comply with GDPR?

Please review the ShareThis Terms of Use for what ShareThis expects of our publishers in order to be GDPR compliant and to continue using ShareThis tools. Included in our Terms of Use:

• ShareThis expects that by maintaining our publisher tools on your website, you agree to these terms of service and will collect, process, and pass personal data on the basis of this consent.
• To receive consented data, we expect our publishers to have a GDPR compliant consent mechanism of choice on their website.
• ShareThis expects our publishers to collect, process, and transfer EU/EEA User Personal Data to ShareThis once they have solicited and obtained informed consent from each individual user.

If I choose to show the tool to people only in the EU, how can I check to make sure it’s working?

There are many free and paid VPN services that you can use to check the appearance of your site in other geographic regions. ShareThis has used https://www.personalvpn.com/.

If I use the Compliance Tool am I compliant with GDPR?

In order to be GDPR compliant with ShareThis, ShareThis expects a publisher to use a consumer management platform of their choosing, which can include the ShareThis GDPR Compliance Tool.  Our publishers must collect, process, and transfer EU/EEA User Personal Data to ShareThis only after it has been solicited with obtained informed consent from each individual user.  For general GDPR compliance, please seek legal counsel to understand how the law affects your publisher business in full.

Still have questions? Visit our full FAQs support page.