CookiePro Blog March 12, 2020

GDPR Cookie Banner Best Practices

For companies that handle the personal data of residents in the EU, developing a website and privacy strategy to comply with the General Data Protection Regulation (GDPR) is crucial. A huge part of compliance with the GDPR is communicating to users what information is being gathered about them and what is being done with that information.

Website owners must also honor users' fundamental rights regarding what data they are willing to share and how they can access it, and must provide them with a way to request its deletion. Because cookies can collect personal data on visitors, a GDPR-compliant cookie banner is a major step toward GDPR compliance.

CookiePro makes creating a GDPR-compliant cookie banner simple with features dedicated to helping websites maintain compliance with the GDPR. To avoid GDPR sanctions, organizations should collect data on an opt-in basis. This means that if the website sets any cookies beyond strictly necessary cookies, the user must opt in to the sharing of their data at or before the point of collection.

Strictly necessary cookies are cookies that are crucial to the operation of the basic functions of the site, so the GDPR does not require opt-in consent for them. Configuring an opt-in consent cookie banner is the best way to be compliant with the GDPR. Users in the EU have specific rights that website owners must respect.

GDPR Checklist

  1. Scan your website to identify and categorize the cookies and tracking technologies it uses.
  2. Display a customizable geolocation-based cookie consent banner that auto-blocks cookies until the visitor in the EU opts in or out of the cookie policy. It’s easiest to include a button for the user to accept cookies in a cookie banner before dropping any cookies other than those deemed strictly necessary.
  3. Build a GDPR-specific web form for data subject requests. Centralize any visitor’s requests for the deletion or updating of their personal information.
  4. Set deadlines for fulfilling requests to comply with the GDPR-required time frame of one calendar month.
  5. Verify the data subject’s identity and track the request through the intake and fulfillment workflow in your internal systems.
  6. Create a preference center for visitors to opt out of the processing of their personal data and comply with the GDPR requirement to provide the user with an easy-to-find place to choose their consent preferences.
  7. Generate a cookie policy to comply with the GDPR and let visitors know what cookies your site uses. The GDPR requires that users are given enough information about cookie use to make an informed decision. The policy must explain why the site collects data, whether for analytics, advertising, or social media.

From the time the website loads until the user consents, the site should not have collected any information or dropped any cookies. Only once the user consents can the site drop cookies on the user’s device. If the user ignores the banner and neither opts in nor opts out, that is still not considered opt-in: consent exists only once the user acknowledges and accepts the cookies.

Geo-targeting gives the website owner the ability to target users in specific locations by displaying a cookie consent banner that is compliant with the requirements in that country. You can adjust the level of consent based on the location of the user. 
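The gating model described above (strictly necessary cookies always allowed, every other category blocked until an explicit opt-in from an EU visitor, an ignored banner counting as no consent, and the policy chosen by region), as an added example that is not CookiePro's code; the category names, the region list and the treatment of non-EU visitors as opt-out are assumptions for illustration only.

```javascript
// Added example, not CookiePro's code: a consent gate deciding which
// cookie-setting scripts may run. Category names and the region-to-policy
// mapping are illustrative assumptions.

// EU/EEA visitors get an opt-in policy, as the post describes; treating every
// other region as opt-out is an assumption for the example, not legal advice.
const OPT_IN_REGIONS = new Set([
  "AT", "BE", "BG", "HR", "CY", "CZ", "DK", "EE", "FI", "FR", "DE", "GR", "HU",
  "IE", "IT", "LV", "LT", "LU", "MT", "NL", "PL", "PT", "RO", "SK", "SI", "ES",
  "SE", "IS", "LI", "NO",
]);
function policyForRegion(countryCode) {
  return OPT_IN_REGIONS.has(countryCode) ? "opt-in" : "opt-out";
}

// Consent state. decided=false models a banner the visitor has ignored so far.
const NO_DECISION = { decided: false, allowed: new Set() };
function decide(acceptedCategories) {
  return { decided: true, allowed: new Set(acceptedCategories) };
}

// Strictly necessary cookies never need consent. Under opt-in, only an explicit
// acceptance unlocks a category: ignoring the banner is not consent. Under
// opt-out, non-essential categories run until the visitor explicitly declines.
function isCategoryAllowed(category, consent, policy) {
  if (category === "strictly_necessary") return true;
  if (policy === "opt-in") return consent.decided && consent.allowed.has(category);
  return !consent.decided || consent.allowed.has(category);
}

// Split deferred script tags into those that may load now and those that stay
// blocked; a page would attach the "load" list to the DOM only after this runs.
function partitionScripts(scripts, consent, policy) {
  const load = [], blocked = [];
  for (const s of scripts) {
    (isCategoryAllowed(s.category, consent, policy) ? load : blocked).push(s.src);
  }
  return { load, blocked };
}

// Constructed sample of tags a site might hold back until consent.
const SAMPLE_SCRIPTS = [
  { src: "/js/session.js", category: "strictly_necessary" },
  { src: "https://analytics.example/tag.js", category: "analytics" },
  { src: "https://ads.example/pixel.js", category: "advertising" },
];
```

In a browser the blocked tags would typically be served with a non-executable type and their category in a data attribute, then re-inserted as real script elements once `partitionScripts` places them in the `load` list after a decision recorded through the banner or the preference center.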

Creating a GDPR-compliant cookie banner is easy with CookiePro, a fully packed cookie consent software platform capable of helping your website obtain compliance with a myriad of global privacy regulations. Scan your site for free and get started with your GDPR-compliant cookie banner today!  

Onetrust All Rights Reserved