July 21, 2022

The Cookie banner checklist

Since the European Union's General Data Protection Regulation (GDPR) and the ePrivacy Directive (also known as the EU cookie law), as well as similar data privacy laws, came into effect, you've been told that you need to have a cookie banner on your website.

Do you need a cookie banner?

We've all seen them before, but do you need one? Chances are, if your website provides services to citizens of the EU, California, Brazil, South Africa (and many more), and uses cookies - both your own and third-party - that collect personal information, then you should have a cookie banner in order to comply with data protection regulations.

How does a cookie banner work?

A cookie banner is a pop-up notice shown on websites and apps when the user visits, both to inform and to collect cookie consent. It is designed to notify website visitors of the use of cookies and of their user rights with regard to those cookies, and to request the visitors' consent to allow those cookies to process their personal data.

What does it actually need to include to be GDPR compliant?

Let us break it down for you in 4 categories:

1. Information it should include

  • Information about what the website's cookies are, and what each button does
  • The purposes of cookies that are set (cookie categories): why personal information is being collected
  • A list of all the services that set cookies
  • Information about the services
      - Address of the services (to inform the user if they are inside or outside the EU)
      - Names of the services
      - Website URL
      - Link to your privacy policy
  • State which types of personal data are collected by the services
  • A list of the cookies that the services set on the website
      - The purposes of the cookies
      - The lifetime/expiry date of the listed cookies

2. Functionalities it should have

  • A button to accept all cookies
  • A button to reject all cookies
  • A button to “learn more” about the cookies that are set
  • The ability to block cookies before giving consent

3. Legal Requirements it should meet

  • A data processing addendum (DPA) from your CMP provider
  • Proof of consent, i.e. the data controller should be able to demonstrate that the data subject has given consent to the processing operation
  • Obligation to inform the user (GDPR Art. 13), e.g. where their data was collected; what it is used for; whether a transfer to a third country or IO is happening; who the processor(s) are; and most importantly, if data is used for profiling, their right to object to further data processing

4. Nice and definitely advantageous to have

  • To have a function of scanning a website to determine the cookies it sets
  • To automatically block cookies until the user gives consent
  • To abide by accessibility frameworks when it comes to the design of your banner
  • To have a European provider for your banner
  • To provide access to the opt-in statistics on your website or app

Although there are no official cookie banner requirements in terms of design, you might consider the following to not only comply with the GDPR, but also improve the experience of your website visitors.

  • Good user experience - the banner's text should be in clear, plain, and unambiguous language for any average visitor to understand its content.
  • Take accessibility into consideration to ensure every website visitor can choose their privacy preferences with ease.
  • Have the design align with your website's.
  • Consider the countries where your website visitors are browsing from and the languages that they might prefer in order to understand the information displayed on your cookie banner.

TRUENDO is an EU-based, all-in-one GDPR compliance solution for websites and apps. It is a consent management platform with a built-in, auto-generated, auto-updated privacy policy and cookie policy. It allows your website visitors to give explicit consent and change their privacy preferences with ease. Its cookie policy provides detailed but easy-to-understand information about the individual services and trackers that collect and process personal data, and the GDPR user rights are listed in its privacy policy to help them make well-informed decisions.

On top of all the necessary information and functionalities that a cookie banner should include, TRUENDO is highly automated and customizable. It automatically scans your website once a month to ensure that you're compliant; it's designed according to the WCAG 2.0 accessibility framework so that people with a wider range of abilities can exercise their right to privacy; it has an auto-block feature that stops all non-necessary third-party cookies; and it has a statistics dashboard, Insights, to make GDPR compliance easier than ever. Interested to know more? You can check out the full list of features here.

How to add a cookie banner to a website?

With TRUENDO, it's simply copy and paste for any website. See just how easy it is in this video:

How to add a cookie banner to a WordPress website?

With the TRUENDO WordPress plugin, you only need to follow 3 easy steps. You can check out our WordPress plugin page, or watch this video:

Disclaimer: TRUENDO is a Consent Management Platform with an integrated Privacy Policy and Cookie Policy. It is a website privacy solution for GDPR and CCPA compliance. However, there are many aspects of the GDPR an organization needs to cover, and website compliance is only one of them. The implementation of a Consent Management Platform (CMP) that complies with data protection law is ultimately at the discretion of the respective data protection officer (DPO) or legal department. To ensure your organization is fully compliant and up to date with the latest regulations, or to learn more about the other aspects of being GDPR compliant, such as creating a data inventory, conducting Data Protection Impact Assessments (DPIA), or implementing a system to handle large amounts of Data Subject Access Requests (DSAR), we advise that you seek legal counsel.