100 points to know about...
Eco-Design Web Development

Notion 71

GDPR and cookies

Target skills

Discover what GDPR is.

GDPR

As of 25 May 2018, EU Regulation 2016/679, known as the GDPR (General Data Protection Regulation), on the protection of individuals with regard to the processing and free movement of personal data, became fully applicable in all Member States.

According to the EU's General Data Protection Regulation (GDPR), your website has a duty to allow European users to control the activation of cookies and trackers that collect their personal data.

Here we outline the most important aspects to consider when dealing with GDPR and cookies on your website.

Cookie consent under the GDPR in a nutshell

Under the GDPR, it is the legal responsibility of website owners and operators to ensure that personal data is collected and processed legally.

Websites outside the EU are also required to comply with the GDPR if they collect data from users located in the EU.

Collecting and sharing personal data

Although cookies are only mentioned once in the GDPR, cookie consent is very important, since cookies are one of the most common ways of collecting and sharing personal data online.
A website is only allowed to collect personal data from users once they have given their explicit consent to the relevant specific purposes of use.

Which requirements must websites meet?

According to the GDPR, websites must meet the following requirements for cookie consent:

  • Consent must be specific: the user must be able to enable some cookies while leaving others disabled, so the user must not be forced to consent to all or any of them.
  • Consent must be given freely; it must not be forced.
  • Consent must be revocable as easily as it is given.
  • Consents must be kept securely as a legal record.
  • Consent must be renewed annually. However, some national data protection guidelines recommend more frequent renewal, for example every six months.
  • GDPR compliance with regard to cookies is generally achieved through cookie banners, which allow users, when visiting a site, to select and accept the activation of certain cookies over others.
  • The EDPB (European Data Protection Board) guidelines state that your site's cookie banner cannot present pre-selected boxes, and continued scrolling or browsing by users cannot be considered as valid consent for the processing of personal data.