Cookie Considerations: How is GDPR Affecting Your Website’s Cookie Policy?

May 01, 2018 Michael O'Laughlin

If you’re like our team, you have a seemingly endless “to-do” list in order to get your firm prepared for General Data Protection Regulation (GDPR) compliance. One such consideration includes the assessment of your data collection, and whether your website (or third parties like Google Analytics) collects any personal data using forms or cookies.

Auditing Active Cookies on Your Site
In order to identify whether you’ll need to update your website’s forms, ask yourself:

  1. What information is being asked of the user?
  2. Is the information user-identifiable (first name, last name, email address, etc.)?
  3. Where is the information saved?

Then, you’ll need to identify how cookies are being used on the site.  This can be done using Developer Tools in your browser.  First, open Developer Tools; then browse to the home page of your website. There, you can see which cookies, including the name, value, domain and expiration date, are active on your home page. 

Now that you have an inventory of all the cookies, you can review how the information is used and if there is user-identifiable data. This will help you work towards creating a data privacy plan that will lead your business towards GDPR compliance. 

Knowing which cookies your firm is using is not enough to reach GDPR compliance. In fact, it’s essential to communicate with your users how their data is affected when interacting with your website. Those users need to:

  1. Be notified that the site is actively collecting their data
  2. How that data is being used
  3. Be given the ability to have it removed

Consider the Cookie Consent Box
Cookie consent can be completed in several ways, but one of the most common is through a notification box. You can create a custom consent box or use one of many third-party options that can be added to your site. However, third-party vendors often charge monthly to use their services.

Custom Example:

Custom build of cookie consent form

Third-party Example:

Third-party cookie consent form example

The information you choose to communicate on your cookie consent is based on your firm’s approach to GDPR and data privacy and will vary from business to business. You may want to consider all the content you’d like to display, as well as UX best practices when choosing your consent box option. 

Please note that One North is not a law firm nor a legal expert. We strongly recommend your legal team reviews the EU law to define your firm’s best course of action.

Interested in more on GDPR and Privacy Best Practices? Watch #1NWebinar: GDPR & Privacy Best Practices for Digital Marketers. If you’d like to discuss actionable next steps to make your digital assets compliant to the GDPR, learn more here.

Subscribe

The One North Ideas Update delivers each month’s latest posts on digital for PSOs—including industry trends, news and our latest research—directly to your inbox. Although it’s our goal to always include thought-provoking and compelling content, you can unsubscribe at any time. 

See our Privacy Policy to learn more about how we protect and manage your submitted data.

Michael O'Laughlin Head of QA & Managed Applications

As Head of QA & Managed Applications, Michael is responsible for delivering One North digital experiences to clients and creating both web applications and custom data integration solutions. Michael’s favorite Chicago spot is at the United Center, watching the Hawks in the playoffs.

  • Favorite movie quote: “Great moments...are born from great opportunity. And that's what you have here tonight, boys. That's what you've earned here tonight. One game. If we played 'em ten times, they might win nine. But not this game; not tonight.” - Miracle
  • What you wanted to be when you were little: A firefighter

One North Interactive 
222 North LaSalle St, #1500
Chicago, IL 60601

+1 312.469.1740