GDPR Cookie Consent
CookieYes is a simple and intuitive cookie consent management tool that will help your website with GDPR compliance.
What is GDPR cookie consent?
GDPR requires businesses to establish a legal basis before processing users’ personal data. Consent, according to the GDPR, should be freely given, specific, informed and unambiguous. The user should be able to consent to the processing of their personal data using a clear affirmative action.
Under GDPR and the ePrivacy Directive, users must give consent before websites can deploy cookies on their devices. GDPR cookie consent requires businesses to clearly and explicitly inform users about the cookies present on their website, the purpose of cookies, the user’s right to accept or decline cookies, and how users can exercise their GDPR rights.
How to comply with GDPR cookie consent?
- Scan your website to detect cookies and other trackers.
- Display a GDPR compliant cookie banner to users in the EU.
- Enable users to give consent to each category of cookies separately.
- Block third-party cookies until the user has given consent.
- Record user consents for proof of compliance.
- Allow users to withdraw or revisit their cookie consent at any time.
CookieYes for GDPR cookie consent
Cookie consent banner
Display a location-based, auto-translated and responsive cookie consent banner with full customizations for content, design, layout, buttons, behaviour and branding.
Add a cookie audit table to the cookie banner so users can give granular consent for different categories of cookies. The cookie audit table also shows clear information about the category, purpose and lifespan of cookies.
Enable users to change their consent or modify cookie preferences by displaying a ‘revisit consent’ button on your website. This gives users easy access to withdraw their consent as required for compliance.
Auto-detect and block third-party cookies and trackers on your website until users give consent through the cookie banner. Support the DNT status of users’ browser settings and automatically block tracking cookies.
Record user consents in the consent log and export it for proof of compliance. Document users’ consent (anonymized) as well as their consent modifications or changes, if any.
Use a single dashboard, with no complicated coding, to integrate cookie banners on any CMS and for all your subdomains, and comply with multiple data privacy regulations such as GDPR, ePrivacy Directive, CCPA, LGPD, CNIL and so on.
Do all cookies require consent?
Broadly speaking, all cookies except strictly necessary cookies require GDPR cookie consent. The ePrivacy Directive details two cases for exemption from consent requirements.
- Cookies whose sole purpose is to carry out the transmission of a communication over a network such as a load balancing cookie.
- Cookies intended for a legitimate purpose such as facilitating information society services (services that are delivered electronically through the internet via websites, apps, etc.). For example, authentication or session cookies.
Which cookies require consent?
Cookies other than strictly necessary ones require consent. These include first-party cookies set by the domain you are visiting. They are usually functional cookies that remember login details, your shopping cart, browser preferences etc.
Third-party cookies set by a different domain, i.e. a third party (Google Analytics, Facebook, LinkedIn, etc.) require explicit user consent. They usually include advertising or tracking cookies that track your browsing history, online behaviour, spending habits to display targeted ads. Social media buttons, chat functionalities on a website etc. also involve third-party cookies.
GDPR cookie consent examples
The CookieYes banner enables users to give informed, specific consent for cookies.
A cookie consent banner should:
- Inform users about cookie usage in plain and intelligible language
- Showcase different cookie categories used on your website
- Provide granular options to accept/reject different cookie categories
- Display ‘accept’ and ‘reject’ buttons on the banner with equal emphasis
- Not use pre-ticked boxes or ‘on’ toggles/sliders
Will GDPR cookie consent affect SEO?
Cookie consent banners will not affect SEO if they are implemented correctly. Google stresses the importance of avoiding intrusive interstitials for the search engine to be able to crawl a website. This means a cookie banner should not obstruct the content on a website and should be optimized for different devices. Google has clarified that cookie banners will not negatively impact a site’s search performance.
Frequently asked questions
What is GDPR?
The General Data Protection Regulation (GDPR) is a law that governs the data protection framework in the European Union (EU). Effective May 25, 2018, GDPR provides for greater protection for the personal data of EU residents and mandates organisations to safeguard personal data.
Who does GDPR apply to?
The GDPR applies to any organization that processes the data of EU residents. Organizations that operate within the EU, and those that operate outside the EU but offer goods or services to individuals in the EU, are covered under the GDPR.
What are the legal bases for processing data in GDPR?
GDPR requires organizations to process data on a valid legal basis. The law provides six legal bases for processing: consent, the performance of a contract, a legitimate interest, a vital interest, a legal requirement, and a public interest.
What is the penalty for GDPR violation?
GDPR has two tiers of fines for non-compliance. The less severe infringements can incur fines up to 2% of annual global turnover or €10 million (whichever is greater). The more serious violations can result in a fine of up to 4% of annual global turnover or €20 million (whichever is greater).
What is GDPR consent?
The GDPR defines consent as “any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data belonging to him or her”.
What is personal data under GDPR?
Personal data is any information relating to an identified or identifiable individual. It is any data that can directly or indirectly lead to the identification of a specific individual.
Personal data can be identifiers such as name, identification number, IP addresses, location data or information specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person. The GDPR takes a very broad definition of personal data that can be open to wide interpretation.
Are cookies personal data in GDPR?
Cookies can be considered personal data. GDPR states that ‘online identifiers’ like cookies are considered personal data if they can be used to potentially identify an individual. The GDPR works alongside the ePrivacy Directive (ePD) which requires that websites get users’ informed consent before storing cookies on their device.
Other than strictly necessary cookies, all cookies such as cookies used for analytics, advertising and functional services come under the scope of GDPR.
What is ePrivacy Directive?
The ePrivacy Directive is a set of rules for data protection and privacy in the EU that was passed in 2002 and amended in 2009. It regulates the use of electronic communications such as cookies, email marketing, data minimization, and other aspects of new digital technologies.
It is not binding and works only as a directive alongside the GDPR and other state-level privacy regulations. ePrivacy Directive will be replaced by the legally binding ePrivacy Regulation shortly.
What does the ePrivacy Directive say about cookies?
The ePrivacy Directive, often referred to as the EU’s cookie law, requires that websites obtain users’ prior consent before storing cookies in their devices, except for strictly necessary cookies. Users also have to be informed about the general purpose of cookies before they can give consent.
Is GDPR cookie consent required in the US?
GDPR cookie consent will apply to US-based websites if they cater to users in the EU.
There is no federal privacy law regulating cookie usage in the US. Some states have laws that regulate cookie usage for their residents, like the California Consumer Privacy Act (CCPA) and Virginia's Consumer Data Protection Act (CDPA).
Where can I find additional resources on GDPR?
Here are some links you can refer to for additional reading: