Skip to content
Marketing Technology
3 min

Cookie considerations: How is GDPR affecting your website’s cookie policy?

by Michael O'Laughlin May 1, 2018

If you’re like our team, you have a seemingly endless “to-do” list in order to get your firm prepared for General Data Protection Regulation (GDPR) compliance. One such consideration includes the assessment of your data collection, and whether your website (or third parties like Google Analytics) collects any personal data using forms or cookies.

Auditing active cookies on your site

In order to identify whether you’ll need to update your website’s forms, ask yourself:

  • What information is being asked of the user?
  • Is the information user-identifiable (first name, last name, email address, etc.)?
  • Where is the information saved?

Then, you’ll need to identify how cookies are being used on the site.  This can be done using Developer Tools in your browser.  First, open Developer Tools; then browse to the home page of your website. There, you can see which cookies, including the name, value, domain and expiration date, are active on your home page.

Now that you have an inventory of all the cookies, you can review how the information is used and if there is user-identifiable data. This will help you work towards creating a data privacy plan that will lead your business towards GDPR compliance.

Knowing which cookies your firm is using is not enough to reach GDPR compliance. In fact, it’s essential to communicate with your users how their data is affected when interacting with your website. Those users need to:

  • Be notified that the site is actively collecting their data
  • How that data is being used
  • Be given the ability to have it removed


Consider the cookie consent box

Cookie consent can be completed in several ways, but one of the most common is through a notification box. You can create a custom consent box or use one of many third-party options that can be added to your site. However, third-party vendors often charge monthly to use their services.

Custom example:

Custom build of cookie consent form

Third-party example:

Third-party cookie consent form example

The information you choose to communicate on your cookie consent is based on your firm’s approach to GDPR and data privacy and will vary from business to business. You may want to consider all the content you’d like to display, as well as UX best practices when choosing your consent box option.


Please note that One North is not a law firm nor a legal expert. We strongly recommend your legal team reviews the EU law to define your firm’s best course of action.

Michael O'Laughlin
Director, QA & Managed Applications

As Director, QA & Managed Applications, Michael is responsible for delivering One North digital experiences to clients and creating both web applications and custom data integration solutions. Michael’s favorite Chicago spot is the United Center, watching the Hawks in the playoffs.