Cookies – what’s the big deal?

Cookies & Compliance copy

This is a simple analogy, but it helps to understand how website cookies work. When you visit a website, and you accept cookies, the website stores a small amount of data about your visit.
Imagine you are online shopping and you add some items to your shopping cart. You decide to wait and think about your purchases and close the site. You decide a few days later you want to make the purchase and revisit the site. You notice the items are still in your shopping cart. This is all possible due to website cookies.

Cookies fall largely into three categories:

  • Strictly necessary cookies: these cookies are required for your website to function. It could be the language setting you select, or it can be more complex such as a cookie from the server in order to keep the website and its data safe.
  • Functional cookies: these cookies allow the website to remember the choices you make to provide an enhanced and personalised user experience. These sometimes are categorised as strictly necessary cookies.
  • Analytics cookies: these cookies are used by analytics tools such as Google Analytics to capture data metrics about visits to the website.
  • Marketing cookies: these cookies are used by advertisers to deliver personalised adverts.

Why should you care?  

Data is becoming an increasingly valuable resource and cookie compliance is a must. It’s important to be transparent with your users about exactly how you are using their data, and that includes cookies. 

Under GDPR, you must gain consent for any personal data processing, which includes the use of non-essential cookies. In this scenario, you are not allowed to collect any cookies from your user and must set up the appropriate mechanisms on your website to ensure this happens. 

How to reach compliance

The word compliance can be daunting, but it’s relatively simple to ensure compliance and put your users first. Cookie audits, consent management, and cookie policies are key here.

Consent Management 

Consent management platforms (CMP) are fundamental for delivering a cookie-compliant website. Once integrated, you can set up: 

  • a consent banner to outline how you use cookies, and give users the option to consent or reject cookies
  • implementation of the user output onto the website to tell it to either collect or ignore cookies. Many CMPs integrate into Google Tag Manager via Consent Mode to allow you to configure consent settings
  • dashboards to see how many people are consenting and rejecting cookies.  

They also benefit users, allowing them to easily set consent preferences, and manage it at any time. 

Cookie Audit 

You’ll need to understand exactly which cookies are being used on your website, so you can create a cookie policy. If you’re using a CMP, these will usually be able to give you an active list of cookies on your site. You can also check these in your browser directly – right-click> Inspect > Application > Cookies. 

Cookie Policies 

You have your CMP in place, and you know which cookies are being used, but what now? You need a sufficient cookie policy to give your users transparency as to what they are letting themselves into. 

A good cookie policy will: 

  • explain what cookies are
  • categorise the cookies used, and why they are used 
  • list all cookies that are used within each category, with a description and duration
  • tell users how to opt out of cookies. 

What now? 

Data protection laws and technology around cookies are constantly changing, so it’s important to stay up-to-date with news and updates in the field. 

If you need help managing your website consent settings and cookies, we have a wealth of experience in creating cookie-compliant websites for our clients and their users. 

If you need a partner to improve your website’s compliance, please don’t hesitate to get in touch by emailing hello@jbidigital.co.uk or by calling us on 0207 043 2510.