0

CookiePro Knowledgebase

dot-patten banner

Knowledgebase Cookie Banners How to Create a GDPR Compliant Cookie Ba...How to Create a GDPR Compliant Cookie Banner

How to Create a GDPR Compliant Cookie Banner

CookiePro Cookie Consent allows your organization to perform a complete discovery of the cookies, local storage, and tags that are currently being used on your website. This provides insight into the ways in which your organization is capturing a site visitor’s personal information when they browse your site – a key requirement under GDPR.

Your team can use this information to build a cookie banner and preference center that allow site visitors to directly control which categories of cookies can capture and process their information.

This guide will help you with the initial setup and implementation of Cookie Consent. You will be able to create a Cookie Banner, Preference Center, and Cookie List and configure them for specific legal frameworks. These elements can then be tested and placed on your website.

Last Updated: September 17, 2021

01Signup for a CookiePro Account

The first step to creating a GDPR-compliant cookie banner is to sign up for a CookiePro account. Or set up a free account, no credit card required!

Once you’ve signed up you’ll receive two emails:

  1. Invitation to the CookiePro Application
  2. Invitation to the CookiePro Community

02Scan Your Website

Once you set up your CookiePro account, it’s time to scan your website for cookies, trackers, and tags.

  1. Log into the CookiePro Application and navigate to the Cookie Consent dashboard.
  2. On the Cookie Consent menu, select Websites.
  3. Click the Add Website button at the top right corner of the screen and enter your site details into the box provided.
  4. Click the Start Scan button. CookiePro will then start scanning your site for cookies.

03Create a Template

While your website is scanning, you will need to create a template(s) for your cookie banner.  The template stores all your settings for your banner (layout, content, and behavior).

Once you have created a template, you will assign it to geolocation rules to choose when it should display to visitors. For example, you can create a GDPR template that displays to visitors from the EU, and a CCPA template that displays to visitors in California.

If you like, you can use this template on multiple websites (if you have purchased more than 1 license).

To add a template,

  1. On the Cookie Consent menu, select Templates and click the Add New button.
  2. Select the type of template you want to use. In this tutorial, we’ll be using the Generic Cookie Banner template as it meets GDPR compliance standards.
    1. The Generic Cookie Banner template is the standard template that can be used for GDPR compliance.
    2. The CCPA Template (California) contains verbiage, category groupings, and settings that match closely with the California law.
    3. The IAB Transparency and Consent Framework 2.0 template is used for publishers to comply with GDPR. This template is geared towards ad tech vendors and manages consent according to the IAB Transparency and Consent Framework – it contains a lot of settings and options which won’t be of relevance to typical Squarespace site owners).
  3. Click the Next button and add your Template Name, Organization, and Default Language.
  4. Click the Create button.

It’s now time to customize the layout, styling, content, and behavior of your template. This allows you to create a look and feel that matches your organization’s branding style and behavior preferences.

Customize the Banner Template

Customize how you want the banner to appear on your site.  CookiePro offers a variety of mobile-responsive layouts including center rounded, flat, floating flat, floating rounded, floating rounded corner, and floating rounded icon.

To ensure maximum GDPR compliance:

  • in the ‘Content’ options, make sure you go to the Cookie Policy Link option and switch the ‘Show Cookie Policy Link’ option to the on position, and add a link to your cookie policy.
  • in the ‘Content’ options’, enable the Cookie Settings button.
  • For GDPR compliance you must either display a ‘Reject All’ button or a Close button on your banner to allow users to opt-out of cookies easily. CookiePro provides both options.
  • When you’re creating your geolocation rules, make sure to use an opt-in consent model.

You can use the ‘Styling, ‘Content’, and ‘Behavior sections to further tweak your banner’s appearance.

Once you’ve configured your banner to your liking, click the ‘Save Template’ button in the top-right corner of the screen.

Tip: The ‘Styling’ tab allows you to add custom CSS to your banner. This enables you to display a banner that matches the rest of your website or brand.

Customize the Preference Center Template

Create a preference center that allows visitors to opt-in or opt-out of certain categories of cookies.  Customize your preference center using a variety of mobile-friendly layouts, positions, colors, behaviors, editable content, and even custom CSS to further stylize your preference center to align with the rest of your website or brand.

Customize the Cookie List Template

You can customize the layout, styling, content, and behavior of your cookie list template. This allows you to create a look and feel that matches your organization’s branding style and behavior preferences.

04Create a Geolocation Rule Group

After you have set up your template(s), you must set up a Geolocation Rule Group to determine the consent model and template that will be shown to site visitors from certain locations.

To add a Geolocation Rule Group:

  1. On the Cookie Consent menu, select Geolocation Rules.
  2. Select the Default Consent Policy rule or click Create New to create a new rule group
  • By default, there is a pre-configured rule group called ‘Default Consent Policy’ that you can modify to work for your website’s compliance requirements.

Create Geolocation Rules

  1. Once your rule group is created, select Add Rule to create a new rule that applies the template you created in step 6. Each rule will determine the template that should be displayed to each visitor based on their geolocation.
  2. Complete the fields below:

 

Field Description
Rule Name Enter a name for the rule.
Select the regions you like to assign this policy to Select the geo-locations in which the rule should be applied. These can be regions, countries, or states.
Template Use the text box to search for the Template name. Select a Template to use for the rule.
Show Banner Select this checkbox to show the banner on the domain for site visitors originating from the applicable locations.
Consent Model Select the consent model you would like to use. For more information, see Consent Models.
Category – Status Select the default status for each category. For more information, see Category Statuses
Category – Do Not Track Select this checkbox to set cookies in the category to respond to Do Not Track requests sent by the browser.
Behaviors – Close Banner Select the checkboxes for the actions site visitors can use to close the banner.
Behaviors – Accept All Cookies Select the checkboxes for the actions that site visitors can use to accept all cookies.
Enable IAB Europe transparency and consent framework Enable this setting to include support for IAB Transparency and Consent Framework vendors and purposes.
Vendor Version List Select the vendor list you want to use.
Set Global EU Consent Enable this setting to set the EU 3rd party cookie that allows other CMPs to read the preferences set by the site visitor.
Capture Records of Consent Enable this setting to log records of consent.
Unique Site Visitor ID Chose how the Consent Records will be tracked.

Consent Models

CookiePro offers multiple ways for you to run your cookies, with varying degrees of compliance with GDPR.  For example, you can configure settings so that every cookie is run the moment that a visitor lands on your site — or you can block all cookies until a user has gone in and reviewed what cookies they’d like to opt-in to.

Create a set of geolocation rules that define the consent model, behaviors, and content shown to site visitors based on their current location. This allows you to use one template and banner script across multiple domains, but change the content and behaviors based on local requirements.

  • Notice Only. If you select Notice Only as the default consent model, all cookie categories will set and cannot be disabled by website visitors. A banner informing the visitor that the website uses cookies will be displayed on the landing page of the website.
  • Opt-out. If you select Opt-out, all cookie categories (besides Strictly Necessary) will be set to require opt-out. These cookies will be automatically enabled when the visitor lands on the website. The website visitor can disable the non-Strictly Necessary cookies in the preference center.
  • Opt-in. If you select Opt-in, all cookie categories (besides Strictly Necessary) will be set to opt-in. These cookies will not be set on the visitor’s device unless they are enabled in the preference center.
  • Implied Consent. If you select Implied Consent, all cookie categories (besides Strictly Necessary) will be set to implied consent. These cookies are not set until the website visitor clicks the Accept button or engages in another implied consent behavior. The website visitor can disable cookie categories in the preference center.
  • Custom. If you select this option, you can set a different default status for each category of cookie on your site. You can customize the consent model to suit your organization’s needs and can set the Do Not Track status for each category of cookie.

Category Statuses

For rules that use the Custom consent model, you can select the default status for each category of cookies or vendors. The status indicates the behavior of category and the conditions under which the cookies will be set. The statuses align with the consent models with which they share their names.

  • Notice Only. Cookies in a Notice Only category are automatically set and will be shown in the preference center, but cannot be disabled by the site visitors. Cookies in a Notice Only category cannot rely on Consent as the legal basis for processing data.
  • Opt-out. Cookies in an Opt-out category are automatically set and can be disabled by the site visitor in the preference center.
  • Opt-in. Cookies in an Opt-in category are not set by default and must be proactively selected by the site visitor in the preference center. Opt-in allows for the explicit consent of the site visitor.
  • Implied Consent. Cookies in an Implied Consent category are set when a site visitor engages in designated implied consent behaviors such acknowledging the banner, scrolling, clicking, or navigating to a new page.

Assign Geolocation Rule Group to Domain

Once you create a rule group to define the consent policy, you can assign it to your domains to ensure the behavior is consistent across your sites. The policy works in combination with your template to manage the banner and preference center content and behavior on your domains.

  1. On the Cookie Consent menu, select Geolocation Rules.
  2. Click on the name of the rule group you want to assign.
  3. Go to the Assigned Domains tab.
  4. Click the Assign to Domains button.
  5. Select the checkboxes for the domains you want to assign.
  6. Click the Assign button.  The next time you publish the script for your domain, it will adhere to the rules configured in the policy.

05Categorize Your Cookies

You now need to assign your cookies to the relevant categories in CookiePro (note: make sure your scan has 100% finished first – you won’t see all the cookies on your site until the scan is complete).

The categories are as follows:

  • Strictly necessary — put anything vital to the running of your website in here
  • Performance cookies — this should be used for any web stat tools (i.e., Google Analytics)
  • Functional cookies — this category should be used for cookies which enhance the functionality of your site but are not 100% essential to users
  • Targeting cookies — use this category for things like Facebook pixels or Google Ads cookies (scripts that retarget users or track conversions etc.)
  • Social media cookies — this section can be used for any cookies related to social networks.

To Categorize or Recategorize Cookies

  1. On the Cookie Consent menu, select Categorizations.
  2. Select the checkboxes for the cookies you want to update.
  3. Click the Update icon button.
  4. Select the Category to which you want to assign the selected cookies.
  5. Click the Categorize button.
  6. Click the Websites tab.
  7. Select the domain which contains the updated cookies.
  8. Click the Recategorization button.  The scan results are updated with the new categorizations.

06Publish Scripts

Once you’ve scanned your site, created template(s), created a geolocation rule group, assigned your domain to a rule group, and categorized cookies, it’s time to publish your script.

The script tags are the snippets of code you can use to implement the banner and preference center on your site. Once the tag is implemented on your site, any changes to your template, rules, or categorizations will be published on your site and the script does not have to be re-implemented.

  1. On the Cookie Consent menu, select Scripts.
  2. Select your domain.
  3. Click the Publish button.
  4. Click Next to navigate to the Production tab.  (The first screen gives you the Testing CDN script for your Staging site).
  5. Customize your settings and click the Copy Script button for the Production CDN script.
  6. Paste the copied script in the <head> of your site. The script must be placed before any other script in your <head> section.
  7. Click the Publish button to publish your settings.

 

Cookie Settings Button

This will display either Do Not Sell My Data button or Cookie Settings button based on the Geolocation Rule Group assigned to the domain and the site visitor’s location. The Production CDN script must also be included on the page.

  1. On the Cookie Consent menu, select Scripts. The Scripts screen appears.
  2. Click on the name of the domain you want to implement. The Scripts Details screen appears.
  3. Click the Publish button. The Publish pane appears.
  4. Click Next to navigate to the Production tab.
  5. Click the Copy Script button for the Cookie Settings Button script.
  6. Paste the copied script in the code for your site. The Cookie Settings Button references the script that is placed in the <head> of the site.

Cookie List

This code will insert a detailed Cookie List including description and table of cookies based on the current cookie assignment. You can embed the script in a privacy policy or a standalone cookie list page. The Production CDN script must also be included on the page.

  1. On the Cookie Consent menu, select Scripts. The Scripts screen appears.
  2. Click on the name of the domain you want to implement. The Scripts Details screen appears.
  3. Click the Publish button. The Publish pane appears.
  4. Click Next to navigate to the Production tab.
  5. Click the Copy Script button for the Cookie List script.
  6. Paste the copied script in the code for the page where you want to display the list. The Cookie List references the script that is placed in the <head> of the site.

Get Started with CookiePro

Create a Cookie Banner with CookiePro

Create a customizable cookie banner and preference center for visitors to provide consent and opt-in or opt-out of certain categories of tracking on your website.

Get Now
Onetrust All Rights Reserved