GDPR caused a lot of extra work for businesses, especially small businesses. When you don’t have the budget to spend thousands of pounds on legal fees, it can be tough to make sure you’re up to the high standard that you need to be. So the question is, is your website cookie policy GDPR compliant?

GDPR came into effect in May 2018 as part of a European initiative to protect users’ data more than ever. Fed up of tiresome spam emails, or ending up on some call centre’s directory? The thought process was that GDPR would help with this. Companies have to demonstrate, clearly and in plain English, what data they wish to use and how they plan to use it. This all has to be clear in your T&Cs, cookie policy and privacy policies.

Here are the headline points to make sure your policies, including your cookie policy, are GDPR compliant:

  • Explain your lawful basis for processing personal information.
  • State how long you plan to keep individuals’ data.
  • Clearly explain that individuals have the right to complain to the ICO if they feel you are mishandling their data.
  • Know, and be able to clearly show an individual, what personal data you have stored.
  • Only collect data with the right consent to do so.

This covers a few of the main points for websites, but GDPR isn’t just about your cookies, your email newsletter or other parts of your content marketing funnel. You’ll want to have someone in the company who can monitor and be in charge of your GDPR/Data Protection and who has an understanding of all the systems you currently use to collect, store or process data.

GDPR is Complicated

Don’t worry if you find all of this confusing, complicated, or maybe even slightly over the top. The truth is, without getting a legal opinion, there’s no way to know for sure if you’re completely compliant. We recommend getting legal advice if you’re not 100% sure. It’s worth it in the long run. Even then, it’s tough to keep these policy pages on your website up to date, as you add new services like Google Analytics, Facebook Pixel, etc.

Today saw a bit of an embarrassing story come out for the ICO. The Information Commissioner’s Office admitted that even their cookie policy wasn’t compliant with the rigorous demands of GDPR.

Even those who enforce GDPR are having difficulty keeping up with what needs to be done. I mean, after all, if they’re having trouble, what chance do the rest of us have, right?




Chris Bruno

Chris, founder and CEO of Social INK, has devised and consulted on more digital marketing and social media marketing campaigns than you can shake a stick at. He’s also got a bit of a thing for online advertising and social media advertising.