

The General Data Protection Regulation (GDPR) and ePrivacy Directive (ePR) affect how you as a website owner must obtain and store cookie consents from your visitors from the EU.


Try our free compliance test to check if your website’s use of cookies and online tracking is GDPR/ePR compliant.

In this article, you can read what the GDPR means for your website, your cookie consent and your use of cookies and online tracking.

The GDPR affects all websites located in the European Union, as well as websites that deal with users from the EU countries.

Cookie consent: What is the GDPR all about?

The main purpose of the General Data Protection Regulation is to bring the EU legislation up to date with the digital age, restoring to users the control over their own data.

The latest law on protection of personal data dates back to 1995.

1995. That’s almost ten years prior to Facebook!

… and long before cookies were used for everything from customizing websites to fencing in customers in a sophisticated web of targeted marketing.

The GDPR sets out strict requirements on data handling procedures, transparency, documentation and obtaining user consent.

What do the requirements mean for my website?

If you operate a website in the EU or have users from the EU countries, you must comply with the General Data Protection Regulation.

The GDPR covers both data that is directly personal, such as a name, a photo, an email address, bank details, an IP address etc., and data that can be combined in a way that can single out and identify individual users.

If your website or organization processes such data, then it must be revised to meet the new requirements.

What should I do to meet the requirements?

Map and evaluate the sensitive data in your organization, go through your security policies and make sure that the data is secure.

The two primary aspects to be aware of are:

  1. how you manage and store sensitive data in your organization in general, and
  2. the cookies on your website. This goes for both first-party and third-party cookies.

The GDPR means you will have to revise your website’s cookie policy and cookie consent, so that they meet the new requirements.

Why cookie consent?

All cookies that process personally identifiable data are subject to the new regulations.

In practice, this means most cookies, including cookies for analytics, advertising and functional services, such as survey and chat tools.

If you are using cookies that contain direct personal data or data that can potentially be connected or singled out to identify or track a person, you must from now on either remove them or update your cookie policy and cookie consent.

Example of a GDPR compliant cookie consent notice on websites… and of one that is not

This is a compliant cookie message:

...while this is not:

At first sight, the two above examples may seem similar. But as always, the devil’s in the detail.

Implied consent, consent-by-use, and simple “accept cookies” buttons are not compliant methods for obtaining consent according to the GDPR.

In the latter example (the dark one), the user has two options: click the “Alright” button or click the “read more” link, which leads directly to the page holding the website’s static cookie policy.

In other words, the user is not presented with any true choice, and there is no insight into the cookies that are installed, where they come from and what purposes they serve.

Whereas in the compliant cookie message (the white one), the user is informed of the purposes of the cookies up front.

She or he may then quickly allow all cookies, or choose to see a detailed overview.

The overview simply folds out of the consent banner, mapping all active cookies and presenting them in an accessible manner.

At a glance, the user can now scroll through the cookies, see where they come from, read a description of their function and check their duration.

The user can then easily accept and reject the different types of cookies.

Detailed overview in a GDPR compliant cookie consent message.

List of requirements for cookie consents

Your GDPR compliant cookie consent system should ensure that the consent is ...

The easiest way to comply is to find a reliable cookie consent software that is based upon a thorough study of the new regulations and therefore can guarantee compliance with it.

Check out Cookiebot, a competitive solution that represents one of the few fully GDPR compliant cookie services on the market.

Six lawful reasons to process data

It is worth knowing that consent is one of six lawful reasons to process personal data.

Therefore, before applying a setup for user consents, consider whether the processed personal data falls under one of the other categories for lawfulness.

My website doesn’t process personal data, but I use Google Analytics, Mailchimp, social media buttons, Salesforce etc. Do I need a cookie consent?

All of the services and features mentioned above are examples of third-parties on your website.

They deposit cookies on your users’ browsers as they visit your website.

You are responsible for protecting your website users and for giving them clear information and choice about how their data is being used.

It is therefore imperative that you have a proper and GDPR compliant cookie policy and cookie consent.

How do I implement a cookie consent on my website?

The easiest way to become compliant is by finding a solution that takes care of your cookie consent for you.

For example, Cookiebot, which is one of the few fully compliant solutions on the market.

Cookiebot offers a smooth user experience - both for you as a website owner and for the users of your website.

Once you have found the cookie consent solution of your choice, there are two main ways of implementing it on your website:

If you have a WordPress site, you can simply use a WordPress plugin.

Otherwise, you can add a cookie consent script directly to your website.

WordPress plugin for GDPR-compliant cookie consent

If you have a WordPress website, the easiest way to implement cookie consent on your website is by making use of a WordPress plugin.

You can find and install cookie consent plugins under the plugin menu item in the admin area of your WordPress site.

Be sure to look for the Cookiebot plugin which is fully compliant with both GDPR and the EU ePrivacy Directive.

Cookie consent script

You can also add a cookie consent script to your website. This is typically a simple JavaScript snippet.

See the Cookiebot script here.

