Countdown To GDPR Compliance
For clarity there are 3 types of cookies that websites use, namely:
- Session Cookies: Theses Cookies expire once you close your browser and provide a function that allows your website to operate more efficiently. They track and store pieces of information that should not identify the user in any personal way, for example it might store that you have added an item to a shopping cart on an ecommerce website, but does not store your credit card or other personal information.
- Permanent Cookies: These are persistent Cookies that remain on your browser even after you have closed it. While persistent, by law they can not be stored on your browser for a period longer than 6 months. These can be beneficial to returning visitors like providing the function of storing usernames and passwords to assist in login without the need to enter either of these every time.
- Third-party Cookies: From a GDPR point of view it is these third party cookies which cause the most headaches. As the name suggests these cookies are left by third party websites such as Google or Facebook, and they track your visitor even after they have left your website, in fact they follow them all over the entire world wide web. The purpose of these cookies is to collect data to build profiles on users primarily to better target advertising toward them, though they can also be used more nefariously.
In a follow on post I will discuss in more detail how GDPR is changing the rules on the permissions required for the use of website cookies, and in particular the requirement to be able to control and turn off the unnecessary ones.
Related to this cookie control requirements, websites are now also required to have a cookies policy which clearly and transparently discloses:
- The ID of the cookie (name)
- the kind of cookies that the website uses (type)
- who the author of the cookie is (provider)
- for what purpose it is being used (purpose)
- when the cookie expires (expiry)
- What GDPR Means For Website Owners
- GDPR What Are Cookies and Why Do I need a Cookie Notice On My Website
- Cookie Control – The Right to Choose
- Add A Consent Tick Box to Your Data Gathering Forms For GDPR Compliance
Disclaimer: GDPR is a serious topic and can have financial & legal ramifications for business owners that do not correctly comply. As I am not a legal professional I make no claim that this article or subsequent articles definitively covers everything that website owners should know, as such I would highly recommend that you do further research on the topic and seek legal advice should you deem it necessary. You should not rely on the contents of this article as legal proof of anything and I accept no responsibility or liability for its accuracy.