As a website owner, you are required to obtain and store cookie consents from your EU visitors in accordance with the General Data Protection Regulation (GDPR) and ePrivacy Directive (ePR). Otherwise, you risk being fined.
An explanation of cookie consent
To put it briefly, cookie consent just means that the visitors of your website have given their consent to letting the site activate its cookies that process personal data.
You are responsible for protecting your visitors’ personal data
The EU’s GDPR applies to all personal data. According to the EU’s GDPR, personal data can be defined as “any piece of information that relates to an identifiable person”. Therefore, an IP address, name, photo, email-address and bank information are examples of personal data which is governed by the GDPR and requires a prior consent from your visitors.
Disturbingly many website owners do not know how much their domains are being used by unknown companies to illegally gather personal data abut their visitors. Therefore, it is crucial to take your responsibility as a website owner seriously.
Risk of large fines
As mentioned, if you do not follow the GDPR, you risk being fined. The fine can be as high as €20 million, or 4% of your business’ worldwide annual revenue from the preceding financial year. This is another reason why it is extremely important to comply with the GDPR cookie consent requirements.
Obtain a cookie consent of your visitors
The first thing you need to do to be sure you follow the GDPR, is to obtain a cookie consent of your visitors before you gather any data. This you can do by using a consent management platform (CMP) on your website. The CMP enables compliance for your website with GDPR.
It is also important that your website enables the visitors to activate and deactivate cookies – except for those strictly necessary.
Do you use Google Analytics and/or Google Ads?
Additionally, if you want to make sure that your use of Google Analytics and Google Ads is GDPR compliant, consider using Google Consent Mode. Google Consent Mode works in integration with your CMP which scans and finds all cookies on your website in order to automatically control them on the basis of your end-users’ consent.
Does Brexit affect GDPR?
Please notice, that there are still some uncertainties about how Brexit will affect GDPR. Right now, we are in a transition period where personal data can temporarily flow between the EU and UK. However, this agreement will run out on 1st July 2021, so hopefully, we will soon learn more.
But until we know more, the Information Commissioners Office (ICO) has urged businesses who are dependent on data from EU/EEA countries to set out binding corporate rules (BCRs) or standard contractual clauses (SCCs) on data protection for the EU organisations you exchange information with.