Website Cookies and GDPR Compliance
Published on: 11th June 2018
By PYXI GDPR Team
Cookies are small files that are stored on your device when you visit a website. They can serve many purposes, including tracking your visitor behaviour (e.g. Google Analytics) or enabling a shop to remember what's in your basket. The current ICO GDPR guidance regarding using cookies is as follows:
What do we need to do to comply?
The rules on cookies are in regulation 6. The basic rule is that you must:
- tell people the cookies are there;
- explain what the cookies are doing and why; and
- get the person’s consent to store a cookie on their device.
As long as you do this the first time you set cookies, you do not have to repeat it every time the same person visits your website. However, bear in mind that devices may be used by different people. If there is likely to be more than one user, you may want to consider repeating this process at suitable intervals.
To notify people that we're using these cookies we used http://cookieconsent.insites.com/ and downloaded a script that alerts visitors when they are on the site that cookies are in use, and encourages them to click to consent to their acceptance of the cookies we need to use.
At the moment there is a strange contradiction between the letter of the law and the technology available for its implementation. GDPR requires that people actively consent or decline to accept cookies, however the mechanism used to store their choice for future reference is most likely to be ... a cookie! We are continuing to watch for updates on this situation and hope there will be some practical clarification on how this should work in the future.
Act Now and Keep Informed
PYXI GDPR Team: 11th Jun 2018 10:21:00
Subscribe to our
Weekly GDPR Newsletter.
It's full of really useful updates
for UK small businesses.
ICO Q2 Data Security Incident Trends
The ICO's figures for Q2 show that the most frequently reported data security incident relates to disclosure of data. The ICO's website has published information about Q2 2018-19's data security incidents by type and sector, and the single mo... click to read more