PrivacyProof · food & beverage

GDPR privacy & cookie consent for food & beverage

GDPR + the cookie rules require a clear privacy policy, lawful opt-in for non-essential cookies, and a way for people to exercise their data rights. Check yours in 60 seconds.

In force EU rules food & beverage

What GDPR privacy & cookie consent means for food sellers

Food and beverage sellers face safety, labeling and packaging rules on the product side, plus the usual privacy, review and distance-selling duties for selling online.

Does this apply to you?

This rule applies to food sellers who collect personal data from visitors in the EU or UK. Collect data from EU/UK visitors? Check your privacy policy, cookie consent, and data-rights handling. Not sure? The free checker tells you in about a minute — no signup.

The checklist

You need to be able to answer "yes" to each of these — the points food sellers most often get caught on:

Do you have a published privacy policy?
Non-essential cookies (analytics/ads) load…
Can visitors reject cookies as easily as accept?
Is there a route to access/delete/correct data?
Do you state a lawful basis for processing?
Do you disclose third parties / processors?
Is there a privacy contact (and EU/UK rep if needed)?

What's at stake

⚠️ Exposure: up to €20M or 4% of global turnover (Art. 83) · Status: In force.

Compare the penalty for every rule →

Common questions

How does gDPR privacy & cookie consent affect food sellers?

Food and beverage sellers face safety, labeling and packaging rules on the product side, plus the usual privacy, review and distance-selling duties for selling online. Collect data from EU/UK visitors? Check your privacy policy, cookie consent, and data-rights handling.

Do I need a cookie consent banner?

If you serve EU/UK visitors and use any non-essential cookies (analytics, advertising), yes — they must load only after the visitor opts in, with a Reject option as easy as Accept.

What must a GDPR privacy policy include?

What data you collect, why, the lawful basis, who you share it with, how long you keep it, international transfers, and how to exercise data rights — in plain language, available at collection.

What are the GDPR fines?

Up to €20 million or 4% of global annual turnover, whichever is higher — plus regulator orders and reputational damage.

The source

RuleGoose checks this against the EU GDPR (Reg. (EU) 2016/679), UK GDPR + ePrivacy/cookie rules. Read it yourself: EUR-Lex — Regulation (EU) 2016/679 →

Check your GDPR privacy & cookie consent compliance — free.
Answer a few questions, see exactly where you're exposed, and draft the fix. No signup, runs in your browser. Run the PrivacyProof checker →

or get one RuleGoose Score across every rule a food & beverage business has to meet.

The full picture for food & beverage

GDPR privacy & cookie consent is one of several rules a food & beverage business has to meet. See the full food & beverage compliance checklist →, or read the platform-neutral GDPR privacy & cookie consent guide.

Same rule, other industries

GDPR privacy & cookie consent for SaaS → GDPR privacy & cookie consent for cosmetics & beauty → GDPR privacy & cookie consent for supplements & wellness → GDPR privacy & cookie consent for fashion & apparel → GDPR privacy & cookie consent for consumer electronics →

Informational only, not legal advice, and not affiliated with the EU. Last reviewed 2026-06-30.