What is GDPR cookie compliance?
The ePrivacy Directive is applicable in all European Union member States and implemented in their own way. Under the General Data Protection Regulation (GDPR), cookie consent is required from the user to put cookies onto their device.
What does GDPR say about cookies?
Get all your consent worries out of the way by using CookieScan. CookieScan will collect the consent provided by your website users and record them for you. If needed you can request the consent log for your site, very handy if you have to defend your company against a wrongful marketing complaint.
Do you need consent for cookies?
As mentioned, to put cookies onto a user's device, user consent is required. GDPR and EU Cookie Law go hand in hand, so the rights of the user need to be considered when putting cookies onto a user's device. By law, all website users have the right to decide their cookie preference settings, this gives the user more control of their personal data privacy online and how the personal information collected from them will be used.
There are different types of cookies, and some don't require user consent. This depends on the purpose of the cookies. For example, Strictly necessary cookies are necessary for the general running of the website.
Without these cookies, the website would not be able to function. For strictly necessary cookies, cookie consent is not required. But, where cookies are not essential for the general running of the site and are used for tracking a user's activity for analytical and marketing purposes, you need to have user consent before you can put them onto a user's device.
The following cookies require cookie consent from the user:
- Session Cookies - These are temporary cookies and are only stored on the users' devices for the duration of their stay. These cookies are used for actions like keeping your items in a shopping cart while you navigate around the site.
- Persistent Cookies - these cookies will linger on the browser for much longer than a session. These are usually a preference, advertisement, analytics, or social media cookies. These cookies will store user logins, language settings, targeted adverts, and personal profiling. These cookies can be from third parties which do not originate from the website operator.
CookieScan will set the appropriate pop-up on your site depending on the country the site is being viewed in. This Geo-location feature is available to all Standard account holders and can be turned on and off in your admin dashboard.
What is required on your website?
Each website GDPR cookie compliance requires:
CookieScan can help you to achieve compliance with GDPR and Cookie law! First, our CookieScan platform will complete a scan of the cookies operating on your website, our database will then automatically categories your cookies, and build your own compliant Cookie Notice and Cookie Banner for your website. CookieScan will regularly update your cookies descriptions if they change and the use of our portal will help you easily manage your account. CookieScan makes compliance with Cookie Law and GDPR quick and simple!
CookieScan provides all of this, a fully automated Cookie Notice or Policy, a full description of the cookies used by your website, their purposes and the time they are active on your device.
How do you comply with GDPR cookie law?
To ensure GDPR cookie compliance, you need to be doing the following on your website:
- before you use any cookies on a users visit (except necessary cookies) you ask for the consent of the user
- provide accurate information to the user on the data the cookie collects and tracks and its purpose for doing so. Provide this in an easy to read format and in an understandable language to the user
- keep a record of the users' consent
- even if certain cookies are refused, the user should still have access to your site and services
- it must be just as easy for the user to withdraw their consent as it was for them to give it. When the users have given their preferences on the cookies banner and accepted it, they should have that option to edit and change their cookie preference settings at any point while they are using the site.
- Provide Contact details of the data controller - if the individual has any questions about the use of their personal data or would like to make a subject access request they can do so by this contact.
- State your purpose of collecting - you must state to the user what personal data you collect from them and why this data is being collected. For example, you may collect an email address from an individual for the purpose of communication with them on a request that was made. In your privacy notice, you must specify this as your reason for processing.
- State your legal basis for processing - once you have explained what personal data is collected and for what purpose you must show your legal basis for processing. In GDPR there is 6 lawful basis to consider, which one you use will depend on the data that is being collected. (Article 6- GDPR)
- Transfer of the personal data - If an individual's personal data is shared with 3rd Parties for certain purposes, this must be explained within the privacy notice.
- The individual's rights - you must explain to their individuals their rights concerning their personal data and the ability for them to exercise their rights under GDPR. Some of their rights include; right of access, right of rectification, right to erasure, etc.
- Privacy by design and default - you must also explain the security measures you have in place to protect the personal data of individuals. for example, Firewalls, password-protected systems, multifactor authentication, data minimisation etc.
Make your website cookies comply with GDPR and CCPA
If your website targets individuals within the EU, you must comply with GDPR. Also, If your website targets individuals in the US, specifically in California, you must comply with the California Consumer Privacy Act (CCPA). In many cases, websites will target individuals in all these jurisdictions, so compliance with both these laws is essential.
What is the California Consumer Privacy Act (CCPA)? The CCPA was effective on 1st January 2020. Currently, the only Data Protection law in the US! Much like GDPR, the CCPA sets guidance on how businesses from all over the world can collect, store and process the personal data of those in the state of California.
While CCPA doesn’t require businesses to gain opt-in consent for cookies, it does require them to disclose what data is being collected by cookies and what is done with the data. The law aims to protect individuals from the resale of their personal data to third parties. These requests can be made in a similar way to a Data Subject Access Request.
CookieScan will help you make your website compliant with any countries cookie requirements. We are even going to go a step further, CookieScan will soon help you with your data protection compliance and offer your site users an easy way to request their data from you. The pop-up will have a feature to allow the site user to put in a 'do not sell my data' complying with the CCPA requirements, put in a data subject access request, and any of the other rights you have under GDPR.
Show your site users how serious you are about protecting their data.
CookieScan - Cookie Scanner
CookieScan will regularly update your cookies descriptions if they change and the use of our portal will help you easily manage your account.
If you want to see what CookieScan is like for yourself, try out our 30-day trial!