Is cookie policy required under GDPR?

Yes, under the GDPR, a cookie policy is required as cookies are considered a part of personal data. A cookie policy should inform users about the use of cookies and similar tracking technologies on your website, what data is collected, for what purpose, and how long it is stored or used. Additionally, a cookie policy should also provide users with clear information about how they can manage or reject cookies on your website/app. 

Along with cookie policy, the GDPR also requires websites to obtain explicit consent from users before placing non-essential cookies on their devices. This can be achieved by displaying a cookie consent banner when a user visits your site. Users must be given the option to accept or reject cookies, and they should be able to access the website even if they choose not to accept non-essential cookies.

You can create a custom policy in minutes with our free cookie policy generator.