Requirements for a GDPR Compliant Cookie Policy

This article explains what a cookie policy is and the major requirements for creating a GDPR-compliant cookie policy on your website. By the end of this article, you will learn how to create a cookie policy for your WordPress website.

If you do business in the EU region, you must have heard about the General Data Protection Regulation and the EU Cookie Law. As part of EU legislation, these laws aim to protect citizens’ privacy and give them more control over their personal information.

As a website owner, GDPR requires you to inform your users about your website’s cookie usage. Your website needs to have a properly drafted cookie policy in order to adhere to GDPR guidelines.

We are here to help you create a GDPR compliant cookie policy for your website.

Wasting no time, let’s get started.

A cookie policy is a legal document that explains to your users the cookies used on your website. Major cookie laws like GDPR and CCPA require website owners to inform visitors about the cookie usage on their websites.

Cookies are small pieces of information stored in users’ browsers for various purposes, such as saving credentials and preferences, tracking user activity on the internet, and analytics and advertising.

You are not required to have a dedicated cookie policy page for your website to comply with GDPR. Some website owners add cookie policies to the privacy policy page of their websites. But if you are using a lot of cookies on your website, it is recommended to have a dedicated cookie policy explaining every cookie and its functionality in detail.

The General Data Protection Regulation (GDPR) requires users’ informed consent before loading cookies on their browsers. You should add a cookie consent banner to obtain prior consent from your website visitors.

You should add a cookie policy on your website and give links to the cookie policy page on the banner. The cookie policy should explain every cookie used on the website and its purpose in detail. It is not allowed to load any cookies other than the essential cookies on your website visitors’ browsers without their consent.

Now let’s look at the major requirements for a GDPR compliant cookie policy:

1. Brief explanation about cookies

You should give a brief explanation of what cookies are and why they are used. Your website visitors may not have proper knowledge of cookies. Maybe the only cookie they know is that crunchy choco chipped one baked in an oven. So it is your responsibility to clearly explain web cookies to them and why they are used.

2. Types of cookies used and how you use them

Explain the different types of cookies used on your website and how you use them. You don’t need to list all the cookies used one by one, but it is essential to let the users know what cookies are used on your website and how you use them.

The following screenshots illustrate how websites display the types of cookies used.

‘Types of cookies used’ in descriptive format

‘Types of cookies used’ in list format

‘Types of cookies used’ in tabular form

3. Inform users about the use of third-party, analytical, and remarketing cookies

If your website uses third-party cookies, or analytical or remarketing services like Google Ads, you have to inform your users in the cookie policy. The cookie policy should include essential details like the purpose of the cookies, what data they collect, how they process the data, etc.

4. Inform users about the use of other trackers

Your website may use various tracking technologies like web beacons or pixel tags to track user activity on your website. Even though they are not cookies, they interact with web cookies for tracking user data. So it is important to disclose the use of any such tracking technologies on your website.

5. Provide instructions for disabling cookies

While obtaining prior consent for cookie use is important, it is also important to let users know how to opt out of cookies. Your website cookie policy should have proper instructions for users on how to disable cookies. In addition, users should be given the option to revisit their consent at any time.

We will be using the GDPR Cookie Consent plugin to create a cookie policy in WordPress. The plugin comes as a complete cookie compliance suite for WordPress websites. It will help you obtain cookie compliance for major privacy laws like GDPR, CCPA, CNIL, etc.

Now, follow the steps below to create a cookie policy in WordPress.

Step 1: Install and activate the GDPR Cookie Consent plugin

  • After purchasing the plugin, you can download the plugin zip file from the My account section.
  • Now, log in to your WordPress admin account and go to Plugins > Add New.
  • Click on Upload Plugin to upload the plugin zip file.
  • Then, install and activate the plugin.

Step 2: Create a cookie policy using the policy generator tool

With the plugin installed on your WordPress website, you will be able to see the GDPR Cookie Consent menu on the admin panel.

  • Go to GDPR Cookie Consent > Policy generator.

You can use the Cookie Policy generator tool to easily create a cookie policy for your website.

Cookie policy generator tool

On the left side, you can see various sections for the cookie policy document. You can add new sections as per your requirement.

  • Use the visual editor or the text editor to change the content for the cookie policy.
  • Now click on Live preview to preview the cookie policy.
  • After verifying with the Live preview, click the Create Cookie policy page button or the Update existing Cookie Policy page button.
  • Then publish the Cookie policy page on your website.

And that’s it. The cookie policy page is now live on your website.

Here’s a preview of the cookie policy page we created using the plugin.

Preview of the cookie policy page

Final thoughts

Apart from complying with legal regulations, cookie policies also help you gain the trust of your users. People are more concerned about their privacy these days. Complying with major privacy laws like GDPR will indicate that you value their privacy.

Make these pages easily accessible from the home page of your website. You can also add a link to cookie preferences settings on your cookie policy allowing your site visitors to change their consent at any time.

Hopefully, this article has helped you in understanding the requirements for a GDPR-compliant cookie policy.

We also have an article about how to create a GDPR compliant cookie banner on WordPress websites.

If you have any questions, feel free to drop them in the comments section below.

Article by

Content Writer @ WebToffee. Specialized in WordPress and eCommerce. When I am not writing, I enjoy my downtime with a good cup of coffee and a movie.
