How to get your website GDPR compliant in six steps

In 6 stappen voldoen aan de AVG

Before setting cookies on a visitors device, you need the web visitors consent (prior consent). Cookies need to be categorized, labeled and only set after consent is given. You can automate this process by using automatic cookie-control

2. Make sure check boxes are not pre-checked

Cookie categories that don’t handle personal data may be pre-checked. Cookies that do, must be actively opted into by the user to be compliant. Necessary cookies cannot be unchecked, because they are whitelisted and are necessary for the website to function properly.

On tuesday 1 October 2019 the Court of Justice of the EU (CJEU) stated in the planet49 ruling:

Pre-ticked boxes do not constitute valid consent

The initial action in the Planet49 case was started by a German consumer rights group. They stated that consent obtained through the use of pre-ticked boxes did not meet German legal requirements.
The case was first considered by the German competent court (Landgericht). It ruled that the mechanisms used to obtain the participant’s consent did not satisfy the requirements of German law. Planet49 then appealed to the German Higher Regional Court (Oberlandesgericht). The federation’s plea for an injunction was unfounded as the participants would realize that they could simply deselect the tick in the checkbox. However, the German Federal Court of Justice (Bundesgerichtshof) had doubts about the validity of the consent and information provided by Planet49. Therefore it decided to ask the CJEU for a preliminary ruling.

The CJEU reiterated: for consent to be valid it requires an unambiguous indication of the individual’s wishes. Either by a statement or a clear affirmative action. Therefore a pre-ticked checkbox used by Planet49 did not meet the standards required for valid consent. This in regard to both the General Data Protection Regulation and the ePrivacy Directive.

Cookie walls work by denying entrance to a website for users unless they give full consent to all cookies.

Er zijn meerdere bedrijven die een c
Cookie wall example, Volkskrant (October 2019).

Give your website visitor the option to change or withdraw consent. This option can be presented in your footer, cookie declaration page or by means of a widget. 

Cookie consent settings in footer.

Try the CookieInfo consent widget on this page, or on our cookie declaration page.

CookieInfo consent widget.

Cookiebot has a consent widget with a bit more detail (see below).

Give website visitors confidence in how they can handle privacy settings on your website 🙂

Cookiebot consent widget.

GDPR states you have to register all consent your visitors have given you to set tracking cookies on their devices. According to the EDPB (European Data Protection Board) website owners are allowed to do this in any way they please. You need to be able to present this log in case of an audit.

Please make sure your log contains the following:

  • Who? E.g. by logging the IP-address .
  • When? By logging date and time.
  • What? By logging the consent given (and for which category of cookies)
Consent opt-in cookie banner - CookieInfo
A consent log is available in the Cookiebot manager. It also includes statistics on cookie banner opt-ins.

6. Inform your visitors about the cookies set by your website

Make sure to inform your website visitors about all cookies set by your website by publishing a cookie declaration. Information about cookies should be accurate and specific. List the cookies with origin, duration and purpose descriptions.

Categorize (necessary, preferences, statistics and marketing)  your cookies and provide them with a purpose description.

Once a month Cookiebot will perform an automated cookie audit. It will scan your website for cookies and generate a cookie declaration. The declaration is available to your website users as part of the consent dialog’s details pane. You can publish it as a separate cookie declaration page.
The cookie declaration shows the user’s current consent state and offers the user the option to change or withdraw consent.

Have a look at the automated Cookie Declaration that Cookiebot generates.

14 day free trial Cookiebot

Cookie scanner, cookie banner, cookie declaration and cookie consent in one solution.

  • Use cookies on your website compliant with GDPR, ePrivacy and cookie legislation
  • Cookie management completely automated
  • Cookie banner based on your corporate identity
  • Automatic composed cookie declaration, always up to date
14 day free trial CookiebotStart 14 day free trial

The Cookiebot solution runs on 2 million websites, manages 6.3 billion monthly User Consents and supports 47+ languages.

Free cookie guide

Free cookie guide

The CookieInfo cookie guide is the most comprehensive online guide available with all information on cookies, legislation and techniques. Download this free cookie guide. Learn how you can use cookies on your website while being compliant with GDPR and ePR.

Download

Recent Blogs