Nenad Todorovic
By Nenad Todorovic on 05 Jul, 2022

It's been several years since the GDPR law came into force, bringing with it new compliance requirements for website owners.

Many businesses introduced new cookie consent forms, updated their privacy policy pages, and listed all cookies configured on their sites to remain compliant.

However, despite those efforts, many organisations incorrectly or incompletely implemented those changes into their web estate and then got on with their day jobs, forgetting about them.

Some implementations deliberately made it difficult for customers to opt out, and this has led to people bouncing straight out of their site if it wasn’t immediately obvious how to deal with cookies to their satisfaction.

Others more or less forced people into opting in, which causes customer resentment.

GDPR is designed to protect the personal data and privacy of people residing in the EU from companies operating in or from outside the EU if they offer goods or services to individuals or monitor their behaviour, making Internet users aware of how information about them is collected and used online, giving them a choice to allow tracking or not.

Personal data is information that allows an individual to be directly or indirectly identified from collected data and, whilst this can be something obvious, such as a person's name, location, or username, it can be something that may be less instantly apparent, such as IP addresses and, as we discuss below, cookie identifiers.

Even though the UK has left the EU, it has a domestic data privacy law called UK-GDPR in place, This is the same as the EU version and is supported by the UK's Data Protection Act.

One of the most significant elements of the GDPR law is the ability for regulators to fine businesses that don't comply with the regulation. Organisations can be fined up to €20 million or 4% of their global annual turnover, whichever is higher. This also applies if an organisation incorrectly processes an individual's data.

There’s been a lot of change in approaches to privacy as a result and, with a potential ‘cookiepocalypse’ around the corner, perhaps it’s time for a review and a refresh to make sure you’re offering the best experience for your site visitors and not putting them off going further into your site.

Why should you care about cookies and consent?

Almost all websites use cookies - small files that act as short-term memory for the web. They are stored in the user's browser and enable a site to 'remember' little bits of information when a user visits your site.

Cookies are used to improve site performance and user experience. For example, they can provide a personalised web experience where users can consume content of high relevance to them. If you make it clear to your prospect or customer that they will benefit from cookies, they are much less likely to object.

However, some cookies collect data across many websites to create 'interest profiles' of people. These profiles can then be used for advertising purposes – and that’s the bit that many people often object to, as they get chased round the Internet for days with programmatic ads promoting the product they looked at on your website.

By creating a more refined, granular approach to cookie consent, you will be able to better inform your site visitor of the tracking enabled on your site, and provide users the option to not be followed, if they prefer. Your users will have more control over their online privacy, while your business will remain GDPR-compliant.

From our experience, users tend to avoid engaging with websites where they believe their privacy is at risk. If they feel like something is dodgy, they are less likely to engage and convert.

Types of cookies

When configuring cookie consent, it's essential to consider what types of cookies you have enabled on your site.

There are three main cookie categories: required cookies, performance cookies, and advertising cookies.

1. Required cookies

Required cookies are also known as 'strictly necessary' cookies, and are essential for the correct functioning of a website. If you disable required cookies, you may affect core website functions, such as security, accessibility, and content display. Required cookies should always remain enabled.

2. Performance cookies

Performance cookies gather data on how users use a website, which pages are visited, what products are most / least popular, or if they get error messages.

Performance cookies don't collect personally identifiable information (PII), meaning that the data collected is anonymous and only used to improve the functionality of a website.

3. Advertising cookies

Advertising cookies (persistent cookies) are used by advertisers and other web analytics providers that follow users' browsing habits across multiple sites.

Examples of advertising cookies include social media cookies that track users and provide ads on social media platforms. If these cookies are not allowed, the website won't show ads tailored to personal interests.

In order to understand cookie configuration on your web property, we recommend a cookie audit. A cookie audit will establish your cookie profile and will categorise all cookies based on their main categories as listed above. The audit will also ensure your privacy policy is up to date.

After the audit, you will need to consider options to offer to your website visitors, providing them the choice of tracking consent. By doing this, not only will you make your users feel that you take their privacy concerns seriously, but also allow them to fully understand the benefits and why cookies can be useful to them.

Good cookie consent management

So how do you know whether your website is collecting cookies correctly?

These are the options you should provide to your site users to ensure they are in control:

  • Tracking is disabled before the user provides consent – this gives the visitor a choice. They then have the power to decide what tracking they will accept or reject based on what is appropriate for them
  • Link to privacy and cookies policy provided
  • A list of vendors is provided (for example - Facebook, Twitter, Floodlight, etc.)
  • Option to adjust tracking preferences provided
  • All cookie details and clear consent preferences are provided


Time for a cookie audit!

If it's been some time since you reviewed your website consent management, a cookie audit will provide a thorough examination of all the cookies created on your site.

A cookie audit will help you to understand what cookies are configured on your site, what data you're collecting from your users, and whether you’re compliant with data privacy regulations.

Interested in getting a cookie audit and testing your compliance? Just get in touch.

Do Analytics. Better.