July 2, 2020 | 3 min read

GDPR Cookies Checklist: Your Toolkit for Compliance

Cookies and other tracking technologies have become important tools for many online businesses. Despite that, many companies are struggling to reconcile their data strategy with changing regulations and standards. 

There is a straightforward solution: Usercentrics

Uncertain about how to become compliant with GDPR and the ePrivacy Directive? We’re here to help. 

At Usercentrics we offer a Consent Management Platform (CMP) that enables your website to be fully GDPR-compliant. Not only that, it gives you the option to adapt quickly to all legal changes and technical requirements.

This Toolkit provides an easy and comprehensive step-by-step guide to bring your marketing data strategy into alignment with GDPR and the ePrivacy Directive. Using the checklist will minimize your exposure to regulatory penalties.

Important to know: EU countries implement GDPR inconsistently, and some rules apply to some but not all cases; these differences are not relevant enough to be covered here in detail. Please check with a lawyer specializing in data protection and privacy to make sure your data strategy fully complies with GDPR.

Understanding Cookies 

If you have an online business, you are probably using cookies or a similar type of tracking technology. Cookies are small text files that are placed on a website to track website visits and optimize browsing behavior. They store and process user information when a user visits a website. If you want to learn more about cookies and their different functions, please visit our article “What are cookies?”.

Cookie Compliance Checklist

What you need to do to comply with GDPR:

Duty to provide information

Key points:
  • Let users know you are using cookies or other tracking technologies;
  • Explain what your cookies are doing and why (purpose);
  • Include this info in an easy to read, find and understand Privacy Policy.

Details:
  • Name and contact of data controller;
  • Purpose;
  • Categories of users and personal data;
  • Transfers of personal data to third countries;
  • Time limit of deletion of personal data;
  • General description of security measures (to be prepared, e.g. against cyberattacks).

Consent

Key points:
  • Obtain your users' valid consent to store a cookie on their device.

Details:
  • Explicit: Active acceptance, e.g. ticking a box or clicking a link;
  • Informed: Who, what, why, how long?;
  • Documented: You have the burden of proof in the case of an audit;
  • In advance: No data is to be collected before opt-in, i.e. cookies cannot be set on your website before the user has consented to them;
  • Granular: Individual consent for individual purpose, i.e. consent cannot be bundled with other purposes or activities;
  • Freely given: “Accept” and “Reject” buttons;
  • Easy to withdraw: Opt-out on the page;
  • Exception: Strictly necessary cookies (= essential cookies).

Setting cookies

Key points:
  • Collect and process data with cookies only with valid consent.

Details:
  • Loading: Ensure cookies are not loaded until the user has given consent.
  • User Refusal: In the case that a user refuses processing, no cookies must be set; however, users should still be allowed to access your service even if they refuse to allow the use of certain cookies.

Legally compliant documentation

Key points:
  • Document and store consent received from users.

Details:
  • Data Protection Authority (DPA) Audit: Comply with the documentation obligation and be able to demonstrate the users’ consent in case of an audit by data protection authorities.

Opt-out

Key points:
  • The objection must be as simple as the opt-in.

Details:
  • Easy in, easy out: Make it as easy for users to withdraw their consent as it was for them to give their consent in the first place.
  • External links: Links to a third page for opt-out are not sufficient.
  • After opt-out: It must be ensured that no further data is collected and forwarded from the moment of the objection, i.e. the opt-out must also be technically linked to the cookie and, at best, documented.

Need more info? More detailed explanations about cookie related regulations within GDPR can be found in our interview series with subject matter experts from the law firm Reed Smith. You can watch the videos here: 

Are cookies personal data?

Do I need a user’s consent for cookies?

 

© Copyright 2021 Usercentrics