In April 2020, following a survey carried out by the Data Protection Commission (DPC), a report was published into the usage of cookies and tracking technologies on Irish websites and mobile apps.
Do you need to do anything, YES YOU DO
Any website, has until 5 October 2020 to comply with new laws governing cookies and tracking technologies. Regulation 5 of the ePrivacy Regulations and GDPR are the relevant pieces of legislation that govern the new laws on cookies and tracking technologies. you can read full report here
You have 3 options when installing automatic cookie policies on your website that comply with the new laws:
Please find below GDPR cookie compliance checklist to help you and please also refer to the Guidance document on Cookies.
GDPR Cookie Compliance Checklist
- Ensure to have a cookie banner on your website
- Ensure the cookie banner gives the browser the options to accept and reject cookies or select preferences. If the browser is only given the option to accept, this type of consent is not GDPR compliant.
- Ensure you have a data privacy notice displayed on your website and it is easy to find and understand.
- Ensure the list of cookies is grouped into necessary and non-necessary cookies that are operating on your website.
- Obtain user consent before non-necessary cookies are set on the browser’s computer device.
Do not use pre-ticked boxes.
Communication and necessary cookies do not require consent.
The list created from No. 7 above will assist you here.
- Make it possible for website users to change their cookie settings easily and provide comprehensive information about the cookies operating on your website.
- Only use the cookies for the purposes that have been outlined in your cookie banner/consent. Do not use them for any other purpose. It is all about transparency.
- If your website requires user consent for cookies, ensure that there is a record of cookie consents. The Data Protection Commission will ask for proof of consents if your website is audited.
- Ensure your website is compliant on or before the 5 of October 2020. From the 6 of October 2020 the Data Protection Commission will commence the auditing of websites.