To be compliant you need to pass the following six tests
- Do you have a Consent/Cookie Pop-up?
- Is it possible to decline cookies?
- Does your website block cookies until the user gives consent? (also for testing Cookie Control SDK)
- Is it possible to change consent?
- Do you have a complete list of data processors?
*If you fail one or more of the above you are not compliant with GDPR and ePrivacy.
**Try our Consent Solution for 30 days free of charge here: Get started!
Do you have a consent pop up
A website needs to have a consent pop-up in order to be compliant. These are typically found as an overlay pop-up (see picture below) or as a banner in the bottom, top, or sides of the website.
Is it possible to decline cookies
All visitors from the EU should have the option to decline or accept cookies based on purposes. In the Cookie Information Consent Popup, it is possible to decline all cookies or per data processing purposes. See the example below.
Does your website block cookies until the user gives consent
It is not allowed to set any non-necessary cookies prior to consent. This means all cookies should be blocked before a visitor clicks on accept or decline. At Cookie Information we resolve this with "cookie control SDK" which you can read about here.
Here is a step-by-step guide for the Google Chrome browser, followed by a video, on how you check if you allow cookies prior to consent.
- Open an incognito window by clicking on the three vertical dots in the top right corner and click "New incognito window".
- Go to the website you want to test.
- Click the lock-pad in the top right corner and see the number of cookies set before any consent is given.
- Accept all cookies.
- Click on the lock-pad in the top right corner again and if the number of cookies set has increased by more than one this means you have implemented a solution correctly.
Is it possible to change consent
As mentioned in section 2 about declining cookies, the legislation also states that it has to be as easy to withdraw consent as it is to give consent. This is typically done in two ways.
- You have a button or link that when clicked re-opens up the Consent Pop-up and the visitor can then choose their consent again. You can see a short video of our standard solution here: VIDEO 1
Do you have a complete list of data processors
One of the newest additions to the cookie guidelines is the need for a thorough and complete list of data processors and cookies used on your website.
- Name of the service/data processer that is placing and reading cookies on your website
- The purpose, including a description of why you are processing the data and using the cookies, for each service/data processor
- The expiry of each cookie
So, did you pass all of the above? If not, then you need a Consent Management System that can help you become compliant. Click this link to start your 30 days free trial: Get started!