To be compliant you need to pass the following six tests
*If you fail one or more of the above, you are not compliant with GDPR and ePrivacy.
Do you have a consent pop up?
A website needs to have a consent pop-up to be compliant. These are typically found as an overlay pop-up (see picture below) or as a banner in the website's bottom, top, or sides.
Is it possible to decline cookies?
All visitors from the EU should have the option to decline or accept cookies based on purposes.
Using the Cookie Information consent pop-up, it is possible to decline all cookies (1) or accept data processing purposes (2). See the example below.
Does your website block cookies until the user gives consent?
It is not allowed to set any non-necessary cookies before consent. All cookies should be blocked before a visitor clicks on accept or decline. At Cookie Information, we resolve this with the first-party cookies autoblocking feature and the Cookie Control SDK third-party cookies blocking.
Here is a step-by-step guide for the Google Chrome browser, followed by a video on how you check if you allow cookies before consent.
Open an incognito window by clicking on the three vertical dots in the top right corner of your Google Chrome browser and click "New incognito window". Make sure to have Block third-party cookies set as "off".
Go to the website you want to test.
Click the lock-pad in the top right corner and see the number of cookies set before giving any consent.
Accept all cookies.
Click on the lock-pad in the top right corner again. If the number of cookies set has increased by more than one, this means you have implemented a solution correctly.
Is it possible to change consent?
As mentioned in section 2 about declining cookies, the legislation also states that it has to be as easy to withdraw consent as it is to give consent. Changing consent is done in two ways.
You have a button or link that, when clicked, re-opens up the consent pop-up, and the visitor can then choose their consent again. You can see a short video of our standard solution here.
Do you have a complete list of data processors?
One of the newest additions to the cookie guidelines is the need for a thorough and complete list of data processors and cookies used on your website.
Name of the service/data processor that is placing and reading cookies on your website
The purpose, including a description of why you process the data and use the cookies for each service/data processor
The expiry of each cookie