Cookies and GDPR

As we count down to May 25th, website owners across the UK are looking at their websites, privacy policies and consent mechanisms. One area at risk of being overlooked is the humble cookie, so it's time to take a look at cookies and how they are affected by GDPR. In this article, we are…
11 May 2018 | Digital Business

INTRODUCTION TO COOKIES AND GDPR

As you may know, a cookie is a small file that is created by a website and sent to your device. Cookies are designed to perform a wide range of roles, from saving your session on a shopping site to authentication, remembering your preferences, recording site visitors or providing targeted advertising. Most business websites use them.

COOKIE TYPES

Broadly speaking, cookies fall into 2 categories.  Essential cookies are required for correct operation of a website and provide information required by a user.  Any other cookies are classed as non-essential and are used for analytics, advertising, 3rd parties and identifying returning visitors.

THE CURRENT POSITION

In place right now is the EU Cookie Law, covering all EU member states and other sites targeting EU citizens.  It requires users be informed of the fact non-essential cookies are being used.  Compliance is achieved by use of a banner or popup notification confirming use.  You will have seen a phrase such as “By continuing to use this website, you accept the use of cookies”.  This does provide notice but not any choice.  The GDPR wants to change this by giving users an informed choice.

COOKIES AND GDPR

In the GDPR, cookies are referred to in Recital 30, which says:

"Natural persons may be associated with online identifiers…such as internet protocol addresses, cookie identifiers or other identifiers…. This may leave traces which, in particular when combined with unique identifiers and other information received by the servers, may be used to create profiles of the natural persons and identify them."

Basically – cookies are now deemed as Personally Identifiable Information (PII).  Like any other PII, consent from the subject must be given before use.  This must be an informed choice so a simple opt-in or implied consent will no longer apply.

Cookies in use should be listed (a link to a policy page is a practical solution), and users should be given an opt-in / out choice for non-essential cookies. If consent is not given, non-essential cookies cannot be used. A technical solution will also be required to control cookie behaviour.

COMPLIANCE TIPS

  • Let your users know what types of cookies you use and for what reasons
  • Display a clear policy that explains cookie use and options available to the user
  • Categorise all of the cookies in use on your site and give the user a choice for each
  • Review cookie use regularly
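
One way to build the technical control mentioned under COOKIES AND GDPR together with the per-category choice from the tips above, as an added example rather than code from this article: every cookie is categorised in a registry, non-essential categories default to off, and a cookie is only set (or is expired after consent is withdrawn) according to the visitor's recorded choices. The cookie names, categories and function names are constructed for illustration.

```javascript
// Constructed registry: every cookie the site uses, its category and purpose.
// The same table can drive the published cookie policy page.
const COOKIE_REGISTRY = {
  session_id:  { category: 'essential',   purpose: 'keeps the basket and login' },
  ui_prefs:    { category: 'preferences', purpose: 'remembers language and layout' },
  visit_stats: { category: 'analytics',   purpose: 'counts site visitors' },
  ad_profile:  { category: 'advertising', purpose: 'targeted advertising' },
};

// Default state before the visitor chooses: only essential cookies are on.
function defaultConsent() {
  return { essential: true, preferences: false, analytics: false, advertising: false };
}

// A cookie may be set only if it is registered and its category is consented.
// Unregistered names are refused, so an uncategorised cookie cannot slip in.
function isAllowed(name, consent) {
  if (!Object.prototype.hasOwnProperty.call(COOKIE_REGISTRY, name)) return false;
  const { category } = COOKIE_REGISTRY[name];
  return category === 'essential' || consent[category] === true;
}

// Build a Set-Cookie header value, or return null when consent is missing.
function buildSetCookie(name, value, consent, maxAgeSeconds = 3600) {
  if (!isAllowed(name, consent)) return null;
  return `${name}=${encodeURIComponent(value)}; Max-Age=${maxAgeSeconds}; ` +
    'Path=/; Secure; SameSite=Lax';
}

// After consent is withdrawn or changed, produce expiry headers (Max-Age=0)
// for cookies the browser still sends that are no longer permitted.
function purgeHeaders(cookieHeader, consent) {
  return cookieHeader.split(';')
    .map((pair) => pair.trim().split('=')[0])
    .filter((name) => name && !isAllowed(name, consent))
    .map((name) => `${name}=; Max-Age=0; Path=/`);
}

// Constructed walk-through: a visitor who has opted in to analytics only.
const consent = { ...defaultConsent(), analytics: true };
console.log(buildSetCookie('visit_stats', 'v1', consent));
console.log(buildSetCookie('ad_profile', 'p1', consent));
console.log(purgeHeaders('session_id=1; visit_stats=2; ad_profile=3', consent));
```

Running the same `isAllowed` check over the cookies seen in a periodic crawl of the site supports the "review cookie use regularly" tip: any name missing from the registry shows up as refused.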

WANT HELP?

We are considering putting together a compliance support pack to help small business website owners with GDPR compliance, comprising document templates, checklists, technical audits and GDPR compliant solutions for common website technologies such as forms, cookie management, email opt-ins and consent forms. Get in touch if this is something you might be interested in – anticipated cost will be £499.

Disclaimer:  Obviously we are a technology company, not a law firm and offer advice only to be helpful.  We recommend you seek legal advice and cannot be held liable for issues resulting from any information provided.
