To be compliant you need to pass the following six tests

  1. Do you have a Consent/Cookie Pop-up?

  2. Is it possible to decline cookies?

  3. Does your website block cookies until the user gives consent? (also for testing Cookie Control SDK)

  4. Is it possible to change consent?

  5. Do you have a cookie policy?

  6. Do you have a complete list of data processors?

*If you fail one or more of the above you are not compliant with GDPR and ePrivacy.
**Try our Consent Solution for 30 days free of charge here: Get started!

A website needs to have a consent pop-up in order to be compliant. These are typically found as an overlay pop-up (see picture below) or as a banner in the bottom, top, or sides of the website.

Is it possible to decline cookies

All visitors from the EU should have the option to decline or accept cookies based on purposes. In the Cookie Information Consent Popup, it is possible to decline all cookies or per data processing purposes. See the example below.

It is not allowed to set any non-necessary cookies prior to consent. This means all cookies should be blocked before a visitor clicks on accept or decline. At Cookie Information we resolve this with Autoblocking for first party cookies and The Cookie Control SDK for third party cookies.

Here is a step-by-step guide for the Google Chrome browser, followed by a video, on how you check if you allow cookies prior to consent.

  1. Open an incognito window by clicking on the three vertical dots in the top right corner and click "New incognito window".

  2. Go to the website you want to test.

  3. Click the lock-pad in the top right corner and see the number of cookies set before any consent is given.

  4. Accept all cookies.

  5. Click on the lock-pad in the top right corner again and if the number of cookies set has increased by more than one this means you have implemented a solution correctly.

As mentioned in section 2 about declining cookies, the legislation also states that it has to be as easy to withdraw consent as it is to give consent. This is typically done in two ways.

  1. You have a button or link that when clicked re-opens up the Consent Pop-up and the visitor can then choose their consent again. You can see a short video of our standard solution here.

  2. You have a button or link that when clicked redirects the visitor to a new landing page with the cookie policy and the option to change/withdraw consent. You can read about that here.

You have to have a very clear cookie policy in the Consent Pop-up or at least on a separate landing page of your website. On we have a cookie policy in both places. Our product includes the option to have a standardized Cookie. Policy in your Consent Pop-up and on a landing page if needed.

You can see our Cookie Policy here.

Do you have a complete list of data processors

One of the newest additions to the cookie guidelines is the need for a thorough and complete list of data processors and cookies used on your website.

In the Cookie Policy, you should display the following information:

  • Name of the service/data processer that is placing and reading cookies on your website

  • The purpose, including a description of why you are processing the data and using the cookies, for each service/data processor

  • The expiry of each cookie

So, did you pass all of the above? If not, then you need a Consent Management System that can help you become compliant. Click this link to start your 30 days free trial: Get started!

Did this answer your question?