GDPR compliant cookie policy for your web page

GDPR requires that you have a cookie policy and corresponding cookie banner to alert visitors of this.

Following on this find out the checklist provided by the ICO, to check if your are compliant with the GDPR cookie policy.

Understanding cookies

☐ We understand what cookies are and what they can be used for.

☐ We know the difference between session cookies and persistent cookies.

☐ We know the difference between first party and third party cookies.

☐ We understand what ‘similar technologies’ are and how PECR applies to them. 

Auditing our use of cookies

☐ We know what cookies our online service either already uses or intends to use.

☐ We have removed any cookies that we don’t need.

☐ We have confirmed the purposes of each cookie.

☐ We identify what information each cookie processes, including whether they are linked to other information we hold about our users or otherwise involve processing personal data.

☐ Where personal data is involved, we have ensured that we process this data in line with the requirements of the UK GDPR.

☐ We have confirmed whether our cookies are session or persistent cookies.

☐ We have confirmed whether our cookies are first party or third party cookies.

☐ We have appropriate arrangements in place for the use of any third-party cookies, including what information they share with any third party, how it is shared, and what our users are told.

☐ We have established how long our cookies last and that this duration is appropriate.

☐ We have identified those cookies that are strictly necessary, and those that are not. 

Information about cookies

☐ We have ensured that we provide clear and easy to understand information about the cookies we use.

☐ We have ensured that our information is comprehensive and covers all the cookies we use.

Consent for cookies

☐ We have implemented a consent mechanism that allows users of our online service to control the setting of all cookies that are not strictly necessary. 

☐ We ensure that our consent mechanism ensures the consent we obtain is in line with the UK GDPR’s requirements. 

☐ We keep any records of cookie consent for an appropriate period of time. 

Documenting and reviewing our cookie use

☐ We have documented all of the above.

☐ We have built in an appropriate review period.