What You Need to Know about GDPR Cookie Compliance

The GDPR (General Data Protection Regulation), enforced by the European Union to protect its citizens' data privacy, is all set to change the way users' data is handled by websites and business organizations. The law requires every part of a website that has access to users' data to comply with its rules.

As far as a mailing list or a website form is concerned, users are well aware that they are giving out their personal information. But when it comes to cookies, users have no idea that their information is being held without their consent. Thus GDPR has brought in some strict norms to control such flaws in websites.

What are cookies?

Cookies are small text files that are placed in the web browser of the user's device by the website the user is visiting. There are three different types of cookies: session, persistent, and third-party cookies.

  • Session cookies are temporary cookies that expire when you close the browser or when a certain amount of time has elapsed.
  • Persistent cookies remain in the browser until their expiry period is reached, and they track the activities of the user on the website which created the cookie.
  • Third-party cookies are used for advertising purposes and are placed in your browser by websites other than the one you are visiting.

Cookies can be either necessary or non-necessary. Necessary cookies are essential for the proper functioning of the website, whereas non-necessary cookies are placed mainly for advertising and marketing benefits.

GDPR On Cookies

Although cookies are mentioned only once in the 88-page long GDPR instructions, those few words reflect the importance of cookies.


In short, if any data, either alone or in combination with other data, is capable of identifying a person, then possession of such data should comply with the GDPR norms.

Cookies and GDPR Compliance

Making cookies GDPR compliant is an important step in ensuring the overall GDPR compliance of your website. Unfortunately, sometimes even the website owner has no knowledge of the cookies that are present on his or her own website. Having a cookie audit done on your website is therefore useful for understanding them.

Since cookies store a huge amount of users' personal data compared to any other part of a website, it is a good plan to start your website's GDPR compliance with the cookies that are present on it.

What are the requirements for making cookies GDPR compliant?

GDPR has put forward some instructions on the compliance of cookies. You have to follow them carefully in order to achieve compliance and avoid the repercussions of failing to do so.

  • Consent for cookies - Until GDPR, most websites treated the silence of users as consent. At least, that was what they implied when they used phrases like "by visiting this website" or "by continuing with this website" followed by "you agree to our use of cookies". This way of asking for consent is no longer valid under GDPR. Forcing users to give consent for cookies by allowing them no other way to visit the website should be avoided as well. The website should try its best to provide the same experience for users who have given consent for cookies and those who haven't.
  • Language in which cookie details are written - GDPR has stated that the details regarding cookies should be given in simple and straightforward language so that users have no difficulty understanding them fully. Many websites use complex language to discourage people from reading further, so that they are pushed into giving consent without fully understanding the details regarding cookies.
  • Separate cookie policy - The cookie policy was usually incorporated into the privacy policy page, and the privacy policy page would be so long that users might skip most of it and give consent without reading the cookie policy part. Thus GDPR has taken the stand that a website should have a separate cookie policy page, so that users are able to understand all the details regarding cookies and give their consent with full awareness. The contents that have to be included in the cookie policy are explained in another article, which you can refer to for a better understanding of the cookie policy.
  • Opt-in and opt-out options - All websites provide opt-in options in their cookie consent forms. But how many of them provide a proper opt-out option? Rare to none. GDPR considers the right of users to withdraw or refuse the service of cookies an important one. The law states that it should be as easy to deny consent as it is to allow it. GDPR also requires website owners to include the ability to enable or disable cookies at a granular level; i.e., consent should be specific to the use of each cookie, and users should be able to reach a decision on allowing a cookie after reading its purpose.


For any website, cookies are essential for monitoring its performance. Thus giving users a choice to disable cookies will affect the website's chances of improvement. But abiding by the law is more important than that. The only choice left is to let users clearly understand how important those cookies are for the website, while also giving them the right to deny the use of each cookie.

Make Your Website GDPR Compliant With CookieYes

CookieYes is a new and easy solution to make your website comply with the GDPR Cookie Law from Cookie Law Info. Join the 400,000+ websites using our solutions now!
