The General Data Protection Regulation, GDPR for short, is a privacy law designed to protect the personal data of European Union (EU) residents. The GDPR took effect on May 25, 2018, and affects all companies, regardless of origin, if they possess the personal information of an EU citizen in their database.
Prior to the GDPR, websites would drop cookies onto their visitors’ browsers without their knowledge or consent. However, all that changed with the GDPR legislation. Recital 30 of the General Data Protection Regulation considers cookies as part of personal data. It requires websites to obtain valid consent when collecting personal data from their users. The law now gives its citizens rights over their data.
Why do we need cookies?
Cookies are lines of code that a web server sends out along with the requested website the first time the browser requests it. Once in the browser, these cookies transmit data like user ID, session ID, and settings back to the web server. The cookies remain in the browser until they are flushed out through the “clear cookies” action.
Cookies help to improve user experience on the site. They store information to identify you and provide personalized content and settings.
Why do the regulators care so much about these cookies?
Like all things good, cookies can be misused in the wrong hands. While cookies can be convenient for website users, they can turn sinister by tracking and remembering user behavior for monitoring and marketing purposes.
How does one become GDPR-compliant with regard to cookies?
The banner could be either a pop-up or a banner bar. The bar could be either at the top or the bottom of the page. The pop-up or the banner should have clear and precise information about the purposes of cookies that are placed on the user’s browser. Pre-ticked boxes for cookie consent are not allowed. What regulators would like to see is affirmative action like “accept” or “reject”.
Next, you have to keep a cookie consent log to document cookie consent for proof of compliance in case you come under regulatory scrutiny.
If you need help in implementing any of the above, let’s connect.