Information about GDPR and cookies
The General Data Protection Regulation (GDPR) is an EU-wide regulation that controls how companies and other organizations handle personal data. The EU data protection reform was adopted by the European Parliament and the European Council on April 27th, 2016. The European Data Protection Regulation is applicable as of May 25th, 2018, and replaces the Data Protection Directive. It is the most significant initiative on data protection in 20 years and has major implications for any organization in the world serving individuals from the European Union.
What does the GDPR mean for cookies on my website?
If your website is serving individuals from the EU and you – or embedded third-party services like Google and Facebook – are processing any kind of personal data, you need to obtain prior consent from the visitor.
In regard to cookies and trackers, this means that:
- You are responsible for all cookies and trackers on your website, even if they are not your own cookies, e.g. third-party cookies from Google, AdWords, DoubleClick, YouTube, Facebook, etc.
- You need to be aware of and document all information on cookies and tracking technologies on your website(s): what their purpose is, where the data is sent, what type of cookie or tracker is used, and how long information is stored.
- You need explicit consent prior to loading cookies and trackers.
- All given consent must be stored in a log.
- Users must be able to withdraw or change their given cookie consent.
Valid cookie consent
To obtain valid consent, you need to describe the extent and purpose of your data processing in plain language to the visitor, prior to processing any personal data.
Check out the EU-infopage on the reform of the data protection laws.
How CookieInfo can help
Using a fully automated cookie solution, you can automate your website's compliance with the GDPR requirements on tracking and cookie consent.
CookieInfo supplies the world-leading Cookiebot solution, enabling you to monitor and document any kind of tracking on your website, display the relevant information to your website visitors and automatically obtain and log all user consents.
GDPR fines and penalties
Organizations in non-compliance risk heavy fines of up to €20 million, or 4% of the organization’s global yearly turnover, whichever is higher.