Is your website cookie compliant?
You're no doubt familiar with the General Data Protection Regulation (GDPR) - an EU-wide regulation (including post-Brexit UK) that controls how companies and other organisations handle personal data.
To give people control over how their data is used and to protect "fundamental rights and freedoms of natural persons", the legislation sets out strict requirements on data handling procedures, transparency, documentation and user consent.
What you may not know is that in 2020, the European Data Protection Board (EDPB) adopted guidelines on ‘valid consent’ under GDPR. These include how you must now address consent for the use of 'cookies' on your website.
A cookie is a small file which is placed on your computer's hard drive for specific functional reasons. Some are essential for a website to function, some improve user experience by, for example, saving user preferences, and some enable third-party elements to work, for example Google Analytics or advertising platform tracking.
All but essential cookies require consent. If your website is serving individuals from the UK / EU and you (or embedded third-party services like Google and Facebook) are processing any kind of personal data, you need to obtain prior consent from the visitor.
The EDPB guidelines state that valid consent must be a freely given, specific, informed and unambiguous indication of the user’s wishes, i.e. a clear and affirmative action by the user.
In practical terms, this means you have to:
- Make people aware of which cookies are used on your website
- Describe the extent and purpose of your data processing in plain language
- Enable people to consciously choose their consent preference, i.e. allow all cookies, allow selected cookies or deny all cookies
- Prevent cookies from being served until consent has been confirmed
- Record all consents as evidence that consent has been given, to be readily available to users and regulatory bodies
- Enable users to change consent choices at any time
If this all sounds a bit complicated, that's because it is! Happily, we have the perfect solution in the shape of a dedicated 'plug-in' that can be installed on your website for a low, one-off fee (to VRVE) and an equally low monthly subscription (direct to the plug-in licensor).
It offers true compliance with privacy legislation through respectful and transparent data exchange, based on consent between end-users and the websites they visit. It not only covers GDPR, but also the California Consumer Privacy Act (CCPA) should any of your website visitors be from that particular North American state.
So, don’t be caught out by a non-compliant (or non-existent) website cookie notice! Get in touch to find out more about our fully compliant solution.