The GDPR deadline is creeping up on us, so it’s time to sort out our cookie policies. Cookies have become a common occurrence on the web and are used to collect data and analytics for marketing purposes. They are mentioned only once in the EU General Data Protection Regulation but it’s still important to make sure you’re compliant as the repercussions could be significant.
WHAT DOES GDPR SAY ABOUT COOKIE POLICIES?
Natural persons may be associated with online identifiers such as internet protocol addresses, cookie identifiers or other identifiers. This may leave traces which, in particuler when combined with unique identifiers and other information received by the servers, may be used to create profiles of the natural persons and identify them.
This basically means that if a cookie can identify an individual from a device then it is considered personal data. This might be a cookie that’s used for analytics, advertising and functional services, survey or chat tools.
WHAT TO DO TO BE GDPR COMPLIANT
To be compliant then you either need to stop collecting cookies or have a lawful reason for doing so. In the past, this had been done by having visitors give what’s known as “implied consent” but now it’s a little more complex. Here’s what you need to know:
- Cookies are personal data. It doesn’t matter if online visitors use pseudonymous or if the cookies you use do not directly identify an individual. It is now still considered personal data.
- Browser settings. You must make it easy for visitors to withdraw their cookie consent. You can no longer just tell visitors to block cookies if they don’t consent.
- You can no longer rely on the “by using this website, you accept cookies” notice. You must provide visitors with a genuine and free choice and you must provide some service to those who don’t accept your cookie terms.
- Opt-out. Even if you get valid consent from visitors, you must still provide them with a way to opt-out and change their minds.
WHAT’S THE BEST APPROACH?
Businesses may want to start giving site visitors the opportunity to act before cookies are set on a first site visit. If you have offered fair notice, continuing to browse on the website can, in most circumstances, be considered valid consent via affirmative action, however, you must implement a clear, easy to find, opt-out route.
However, if your site contains health-related content or browsing history that may reveal sensitive personal data about the visitor you may be required for more explicit consent.
All theimagefile cookies are managed within the privacy page that we provide. You can add this page to your website by going to Create New Web Page > Others > Privacy Page. Within this section, there are also instructions on how to add this page to your website footer.
We only use session cookies that do not require opt-in, however, if you feel that you want to have an opt-in option on your website then there is a very easy piece of code that you can add into your website. It’s literally just a case of pasting the code into the first line of your website <head> at My Websites > Customise Design > Site Layout > Embed Custom HTML/CSS.