Logo Logo


The General Data Protection Regulation (GDPR) and ePrivacy Directive (ePR) affect how you as a website owner must obtain and store cookie consents from your visitors from the EU.


Try our free compliance test to check if your website’s use of cookies and online tracking is GDPR/ePR compliant.

Who needs a cookie notice?

What are the requirements?

How can you get a GDPR compliant cookie notification for your website?

What is a cookie consent banner?

A consent banner is a cookie notice that appears on websites upon the user’s first visit to the site.

Cookie consent banners first started to show up on virtually every website in the EU in response to the ePrivacy Directive of 2002, popularly called “The cookie law”.

According to the Directive, all websites setting cookies had to inform their users about this.

The purpose of cookie consent banners therefore was to get consent from the users of the website to the setting of cookies.

However, the EU legislation regarding cookies and personal data is changing.

The cookie notifications are still required, but the requirements have become a lot stricter.

cookie notices, cookie banners and cookie notifications

The cookie popup consent banners we have grown accustomed to in the EU are variations of a box with a simple text informing of the use of cookies, an “ok”-button, and a link to the website’s privacy policy or cookie policy. This is not sufficient any more.

The two major changes in the legislation are:


The General Data Protection Regulation was enforced on 25 May 2018.

The GDPR is the most significant initiative regarding data protection in over 20 years.

It sets strict regulations on how personal data must be handled, and comes with heavy fines for those who fail to comply.

The ePrivacy Directive

The so-called ‘cookie law’, the ePrivacy Directive, is in the process of becoming an actual regulation.

It will probably be implemented in 2019, with the date of enforcement yet to be seen. 

The two EU laws both have significant impact on the practice and use of cookie consent banners.

With their enforcement, cookie consent banners on websites must change.

Do I need a cookie notification for my website?

If you have a website or blog with visitors from the EU, you need a cookie notice or popup.

In theory, only websites that collect user data by means of cookies need to get consent for doing so from their users.

However, virtually all websites set cookies that track users.

For example if the website is hosted, makes use of plugins, tools for analytics, or has social media-buttons.

You can take an audit of your website if you are in doubt whether or not your website sets cookies.

The free audit scans five pages of your website and sends you a detailed report of the cookies and online tracking on these pages, including information on their provenance, purpose and whether or not they are compliant.

Sign up to the Cookiebot solution, if you want a complete overview of the cookies and online tracking going on on all of your website.

Text: What are the EU requirements for cookie notifications?

The EU ePrivacy Directive requires prior, informed consent of your site users, while the General Data Protection Regulation (GDPR) requires you to document each consent.

To be compliant, the cookie notice should be one component of a cookie management solution for your website, that takes care of the following tasks:

1. To provide the website users with specific and accurate information on all cookies and other tracking technologies in use on the website.

2. To give the users the possibility to opt in and opt out of the various types of cookies, and to have access to their settings and make subsequent changes to them if they change their mind.

3. To make sure that the user consent is requested prior to the setting of cookies in the users’ browsers.

4. To make sure that the website functions properly even though the user has chosen to opt out of all but the strictly necessary cookies.

5. To keep a record of all given consents for documentation, and to make sure that this documentation is securely stored.

6. Ask for renewed consent every 12 months upon the user’s first revisit to the site.

Cookiebot does all of the above.

The easiest way to comply is to sign up to a GDPR compliant cookie solution, that takes care of all the necessary processes automatically.

Be careful to choose a truly compliant solution.

Because the laws are complex, and because they are in the process of changing, there unfortunately are a lot of non-compliant or only partially compliant solutions on the market.

You can try to take an audit of your website to check what cookies are in use on it, and find out what it takes to make your site compliant.

How to create a compliant cookie notice

There exists numerous ways of getting a cookie popup on your website.

If you have the skills, you may develop one yourself, or else you can acquire a cookie consent plugin from one of many suppliers.

However, be careful and note that the vast majority of the actual cookie popup solutions on the market are not compliant with the EU law the General Data Protection Regulation, which is enforced on the 25th of May 2018.

The fines for non-compliance are very heavy.

As explained above, the actual cookie consent banner is just one part of making your use of cookies and online tracking compliant.

Sign up to Cookiebot and become compliant in three steps.

Besides the cookie consent banner, the solution includes all of the other necessary functions to make your use of cookies and online tracking truly compliant today.

The service is user-friendly and non-obtrusive to the overall user experience on your website.

Cookie notification examples

Here is an example of a non-compliant cookie banner.

compliant vs non compliant cookie notices

This type of cookie banner consists of a simple declaration that the site makes use of cookies, an ‘ok’-button, and a link to the website’s cookie policy or privacy policy.

The use of this type of cookie popup is widespread on the internet today.

However, it is not compliant:

It does not provide specific and accurate information on the use of cookies, neither does it give the user any true choice as to what cookies he or she will accept or reject.

Furthermore, it neglects the requirement of prior consent.

Here is an example of a GDPR and ePrivacy Directive compliant cookie consent banner:

example of a compliant cookie popup

The user can swiftly opt in and out of the different types of cookies directly in the consent banner.

If they want to know more, they can scroll through detailed information on all the cookies, that fold out directly of the consent banner:

folded out cookie notification

Cookie consent banner generator

There exists numerous cookie popup generators on the internet.

You can easily find a vast choice by submitting “cookie banner generator” or "cookie popup" as a search query.

However, keep in mind that a cookie notice is completely worthless if it does not comply with the requirements of the actual regulations.

Check out Cookiebot to find a fully GDPR and ePrivacy Directive compliant cookie solution for your website.


The General Data Protection Regulation

The ePrivacy Directive

Data Breach Penalties

Cookie Law Update Expert

Make your website’s use of cookies and online tracking GDPR/ePR compliant today

Try for free