How to comply with the EU GDPR cookie consent requirements?
What is a cookie?
A cookie is a small piece of data that a website asks the browser to store on the user's device and send back on later requests. Cookies let organizations recognise returning visitors and track, store and analyse their behaviour. Data privacy regulations such as the EU GDPR and the EU ePrivacy Directive each approach cookie compliance differently, but all of them carry hefty penalties for non-compliance.
Cookie compliance in the EEA (European Economic Area)
Cookies provide a great deal of insight into users' online activity. Despite their importance, the rules governing cookies are split between the GDPR, which applies whenever a cookie can identify a natural person, and the ePrivacy Directive, which regulates storing or reading any information on a user's device.
Directive 2009/136/EC, known as the Cookie Law, amended the ePrivacy Directive (2002/58/EC) so that organizations must obtain informed consent from website visitors before they store or read cookies on a visitor's device. Each EU member state has transposed the Directive into its own national law, and those national rules have been amended from time to time.
The EU cookie legislation imposes five basic requirements on website owners:
- Tell visitors which cookies are in use when they access the website.
- Inform visitors of the purpose of each cookie and the data it tracks.
- Give visitors the option to accept or decline cookies.
- Do not place cookies if the visitor declines them.
- Keep documentation (consent logs) of every consent given.
Step 1
Identify cookies used by your website
The first step is to find out which cookies your website places on your visitors' devices. There are essentially two types, first-party and third-party cookies, and both need to be identified by scanning your website.
First-party cookies are created and stored by the host domain (the domain the user is visiting). They allow website owners to collect analytics data, remember language settings and perform other functions that help provide a good user experience.
Third-party cookies are created by domains other than the one the user is visiting and are mainly used for tracking and advertising, for example by providers of advertising, retargeting, analytics and tracking services.
Step 2
Configure and display your cookie consent banner
Cookie consent banners are small notifications that appear on a visitor's first visit to a website. The banner describes the cookies the site will set and obtains the visitor's consent before any non-essential cookie is loaded.
The GDPR requires website owners to obtain valid consent from visitors before setting non-essential cookies, and the cookie consent banner is the usual way to implement this. Consent must be a clear affirmative action: pre-ticked boxes, continued browsing or scrolling do not count, and refusing must be as easy as accepting.
Step 3
Create and display your cookie policy
A cookie policy is a declaration to your website visitors on what cookies are active on your website, what data they track, what purpose and where the data is sent.
The basic rule is to tell visitors that the cookies are there and explain what these cookies are doing and why, and get the person’s consent to store a cookie on their device.
A cookie policy includes:
- Kind of cookies placed.
- Detailed purpose of cookie collection.
- Third-party cookies and their respective policies.
Kinds of cookies and their purposes:
- Essential: Essential (strictly necessary) cookies are required for the website to function, for example to keep a login session or a shopping cart, and to store preference settings the user has chosen for this website. They are exempt from the consent requirement and cannot be switched off by the user, but they must still be listed in the cookie policy.
- Marketing: Marketing cookies are used to target advertising to a user and to track the user on one website or across several websites for marketing purposes. They are often set by third-party companies.
- Analysis: Analysis (statistics) cookies let the site owner analyse website visits and traffic sources (e.g., number of visits, time spent on the site) to measure and improve the website's performance.
- Functional: Functional cookies enable enhanced features, such as remembering a chosen region or embedding third-party content, when visitors use an organization's websites and services.
Step 4
Track and record cookie consents
Under the GDPR, consent to the processing of personal data through cookies must be freely given, specific, informed and unambiguous, and given by a clear affirmative action.
Cookie consent is the term for a visitor agreeing to let a website activate cookies and trackers that process personal data. The cookie law requires this informed consent before cookies are stored on, or read from, the user's device and before the user is tracked.
You must allow visitors to give, withdraw or refuse cookie consent, and withdrawing must be as easy as giving it. No non-essential cookie or tracking script may run on your website unless consent has been obtained, and you should keep a record of each consent (what was agreed, when, and under which version of the policy) so you can demonstrate compliance.
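The four steps above describe a procedure but not how a site actually enforces it. The following is an added example, written for this page and not Mandatly's or any vendor's code. It shows the consent logic a site needs: essential cookies are always allowed, every other category stays blocked until the visitor explicitly opts in, the choice is stored in a first-party cookie together with a timestamp and the policy version so it can serve as the consent record, withdrawal is a new record with everything refused, and optional tags are shipped inert and only activated for consented categories. The cookie name, retention period, policy version string, `data-cookiecategory` attribute and the sample scan results are all assumptions invented for the example.

```javascript
// Added example, not Mandatly's or any vendor's code. Consent-gated cookie and
// script loading for the four categories listed above.
// Assumptions: the cookie name, retention period, policy version string and the
// data-cookiecategory attribute are invented for this example.

const CATEGORIES = ["essential", "functional", "analysis", "marketing"];
const CONSENT_COOKIE = "cookie_consent";   // assumed first-party cookie name
const CONSENT_MAX_AGE_DAYS = 180;          // assumed period before consent is re-requested
const POLICY_VERSION = "2024-01";          // assumed; change it whenever the cookie policy changes

// Record the visitor's choices. Essential is always on; any category the
// visitor did not explicitly accept is stored as refused (no pre-ticked boxes).
function buildConsentRecord(choices, now = new Date()) {
  const categories = {};
  for (const cat of CATEGORIES) {
    categories[cat] = cat === "essential" ? true : choices[cat] === true;
  }
  return { version: POLICY_VERSION, timestamp: now.toISOString(), categories };
}

// Withdrawal is just a new record with every optional category refused.
function withdrawConsent(now = new Date()) {
  return buildConsentRecord({}, now);
}

// Serialise the record as a Set-Cookie / document.cookie string.
function serializeConsentCookie(record) {
  const value = encodeURIComponent(JSON.stringify(record));
  const maxAge = CONSENT_MAX_AGE_DAYS * 24 * 60 * 60;
  return `${CONSENT_COOKIE}=${value}; Max-Age=${maxAge}; Path=/; SameSite=Lax; Secure`;
}

// Parse a document.cookie-style header. Returns null when the consent cookie is
// missing, malformed, or was given under an older policy version, so the
// banner is shown again and nothing optional loads in the meantime.
function parseConsentCookie(cookieHeader) {
  for (const part of (cookieHeader || "").split(";")) {
    const [name, ...rest] = part.trim().split("=");
    if (name !== CONSENT_COOKIE) continue;
    try {
      const record = JSON.parse(decodeURIComponent(rest.join("=")));
      if (record.version !== POLICY_VERSION || typeof record.categories !== "object") return null;
      return record;
    } catch (_) {
      return null;
    }
  }
  return null;
}

// Essential is allowed without consent; everything else needs an explicit true.
function isAllowed(record, category) {
  if (category === "essential") return true;
  return record !== null && record.categories[category] === true;
}

// Split a scanned list of scripts/trackers into those that may load now and
// those that stay blocked. scripts: [{ src, category }]
function gateScripts(scripts, record) {
  const load = [];
  const block = [];
  for (const script of scripts) {
    (isAllowed(record, script.category) ? load : block).push(script);
  }
  return { load, block };
}

// Browser side: ship every optional tag inert as
//   <script type="text/plain" data-cookiecategory="marketing" src="..."></script>
// (browsers neither fetch nor run text/plain scripts) and swap in a live
// script element only for consented categories. Returns the number activated.
function activateConsentedScripts(record, doc = typeof document !== "undefined" ? document : null) {
  if (!doc) return 0;
  let activated = 0;
  for (const inert of doc.querySelectorAll('script[type="text/plain"][data-cookiecategory]')) {
    if (!isAllowed(record, inert.dataset.cookiecategory)) continue;
    const live = doc.createElement("script");
    if (inert.getAttribute("src")) live.src = inert.getAttribute("src");
    else live.textContent = inert.textContent;
    inert.replaceWith(live);
    activated++;
  }
  return activated;
}

// Constructed sample of what a site scan (Step 1) might produce.
const SAMPLE_SCRIPTS = [
  { src: "/js/session.js", category: "essential" },
  { src: "https://analytics.example/tag.js", category: "analysis" },
  { src: "https://ads.example/pixel.js", category: "marketing" },
];

if (typeof require !== "undefined" && require.main === module) {
  const record = buildConsentRecord({ analysis: true });
  console.log(serializeConsentCookie(record));
  console.log(gateScripts(SAMPLE_SCRIPTS, record));
  console.log(gateScripts(SAMPLE_SCRIPTS, null)); // first visit: only essential loads
}
```

Two design points matter for compliance. First, the default on any parse failure or policy-version change is "no consent", so a stale or tampered cookie can never unlock marketing tags; the banner simply reappears. Second, because the record carries the timestamp and policy version, the same value can be posted to the server as the consent log entry that Step 4 requires, rather than keeping a separate structure that might drift from what the browser actually enforced.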
How Mandatly helps
Mandatly provides a cookie and consent management solution without complex configuration or maintenance.
- Website scanning: Mandatly offers several scanning levels to detect first- and third-party cookies and trackers (plugins and social media embeds), classifies cookies automatically, lets you schedule periodic scans of your website, and keeps your cookie policy updated with the auto-generated list of cookies.
- Custom cookie banner: Mandatly offers fully configurable banner settings and personalization so you can build your own cookie banner, with supporting features that describe the cookies collected and their purposes.
- Preference center: Mandatly helps you build a central preference center across multiple domains and link to your policy, so that your privacy policy addresses your cookie use and collection practices.
- Consent logs and dashboard: Mandatly maintains your cookie consent records so you can demonstrate compliance.