The GDPR (General Data Protection Regulation), enforced by the European Union, covers every aspect of a website that has access to any kind of personal data of EU citizens. Of all the components of a website, cookies have relatively more access to the personal data of customers. Controlling how cookies use this data is therefore pivotal to abiding by the law.

Producing a watertight cookie policy that takes into account all the requirements put forward by the GDPR is an important step towards GDPR compliance. This article gives you directions on producing such a policy for your website.

A cookie policy is a declaration to the users of your website of all details related to cookies, such as the kinds of cookies active on your website, the kind of data they track, the purpose of collecting the data, where the data is stored, etc. It is usually found within the privacy policy section itself.

A privacy policy tells users how a website deals with the personal data it acquires from them through channels such as mailing lists, website forms, chats, etc. Cookies are usually included in the list. But since cookies are constantly changing and mostly hidden, they pose a greater threat to users’ data privacy than any other component of the website if managed carelessly. Thus it is necessary to update the cookie policy frequently, whereas the privacy policy is always static.

The GDPR has totally transformed how websites deal with the data of their users. Cookies are the most affected by it, since they have access to a lot of personally identifiable data of the individual, possibly without the individual knowing it. Thus a revised cookie policy is essential for the smooth functioning of your business/website. The definition of GDPR, personal data, and steps for website compliance are explained in another article which you can refer to for further reading.

The GDPR places such importance on the cookie policy that all website owners who have visitors from the European Union are required to have a separate cookie policy page on their website. This page should provide visitors with all details regarding the website’s cookie use.

Contents to be Included in the GDPR Cookie Policy

  • The policy should inform users that cookies are in use on the website
    You could start your cookie policy by stating that your website uses cookies. This might alert users to it and even persuade them to read the rest of the paragraphs.
  • Provide a description of what cookies are
    A lot of people who visit websites aren’t even aware of what is meant by a cookie. Thus providing a simple and precise definition of cookies for visitors is important to draw their attention to the policy and later to the consent section.
  • Why cookies are in use
    It is clearly important to let the users of your website know why cookies are in use on it. This is one of the crucial parts of the cookie policy, since you can use it to help users understand the importance of cookies on the website and hence to give consent for their use. Thus you should pay close attention when wording this part, so that you tell the truth without casting cookies in a bad light.
  • What type of cookies are in use on your website (non-essential and essential cookies)
    When you categorize essential and non-essential cookies by stating why they are essential and the consequences of disabling them, chances are users will not disable them. For non-essential cookies as well, mention how the website uses them and how they help improve the users’ website experience by tracking their data (specify what kind of data). For example, cookies used for analytics store data related to the pages visited on a website, the time spent on the website, etc., to analyze the users’ preferences so as to help make their next visit easy for them.
  • Mention if third-party cookies are in use
    Inform users of what third-party cookies are and what their purpose is. Then list the third-party cookies that are active on your website so that users are notified of them. Make sure that users are aware that web browsers offer options to block third-party cookies by default.
  • Instructions for opting out or withdrawing cookie consent
    The cookie policy should provide an elaborate description of how users can opt out of cookies if they wish. Users shouldn’t have any difficulty in getting this information. It should be given in straightforward language for users to follow easily. It should also be mentioned that they have the right to withdraw their consent at any point in the future.


Including this information in the cookie policy is essential to comply with GDPR. Make sure you give this information in precise and straightforward language for users to understand easily and keep it up to date for any changes that take place.