To be compliant you need to pass the following six tests

  1. Do you have a consent pop-up?

  2. Is it possible to decline cookies?

  3. Does your website block cookies until the user gives consent? (also for testing Cookie Control SDK)

  4. Is it possible to change consent?

  5. Do you have a cookie policy?

  6. Do you have a complete list of data processors?

*If you fail one or more of the above, you are not compliant with GDPR and ePrivacy.

Do you have a consent pop up?

A website needs to have a consent pop-up to be compliant. These are typically found as an overlay pop-up (see picture below) or as a banner in the website's bottom, top, or sides.

Is it possible to decline cookies?

All visitors from the EU should have the option to decline or accept cookies based on purposes.

Using the Cookie Information consent pop-up, it is possible to decline all cookies (1) or accept data processing purposes (2). See the example below.

Does your website block cookies until the user gives consent?

It is not allowed to set any non-necessary cookies before consent. All cookies should be blocked before a visitor clicks on accept or decline. At Cookie Information, we resolve this with the first-party cookies autoblocking feature and the Cookie Control SDK third-party cookies blocking.

Here is a step-by-step guide for the Google Chrome browser, followed by a video on how you check if you allow cookies before consent.

  1. Open an incognito window by clicking on the three vertical dots in the top right corner of your Google Chrome browser and click "New incognito window". Make sure to have Block third-party cookies set as "off".

  2. Go to the website you want to test.

  3. Click the lock-pad in the top right corner and see the number of cookies set before giving any consent.

  4. Accept all cookies.

  5. Click on the lock-pad in the top right corner again. If the number of cookies set has increased by more than one, this means you have implemented a solution correctly.

Is it possible to change consent?

As mentioned in section 2 about declining cookies, the legislation also states that it has to be as easy to withdraw consent as it is to give consent. Changing consent is done in two ways.

  1. You have a button or link that, when clicked, re-opens up the consent pop-up, and the visitor can then choose their consent again. You can see a short video of our standard solution here.

  2. You have a button or link that, when clicked, redirects the visitor to a new landing page with the cookie policy and the option to change/withdraw consent. You can read about that here.

Do you have a cookie policy?

You have to have a specific cookie policy in the consent pop-up or at least on a separate landing page of your website. On http://cookieinformation.com, we have a cookie policy in both places. Our product includes the option to have a standardized cookie policy in your consent pop-up and on a landing page if needed.

You can see our cookie policy here.

Do you have a complete list of data processors?

One of the newest additions to the cookie guidelines is the need for a thorough and complete list of data processors and cookies used on your website.

In the cookie policy, you should display the following information:

  • Name of the service/data processor that is placing and reading cookies on your website

  • The purpose, including a description of why you process the data and use the cookies for each service/data processor

  • The expiry of each cookie

Did this answer your question?