GDPR compliance, cookies & tracking codes
The General Data Protection Regulation (GDPR) was ratified by the European Union in 2016 and became law in 2018. It is designed to give individuals better control over their personal data and establish one single set of data protection rules across Europe.
Everyone has the basic right to freely browse the web without being tracked in a personally identifiable way.
To be completely GDPR compliant, you need express permission from your visitors before you can run any tracking code that collects personally identifiable information (PII) such as name, address, email, or even computer IP address. This means users have to opt IN to any scripts/cookies that collect PII, and those scripts/cookies must be prevented from running until/unless the user gives permission.
TO COMPLY WITH GDPR:
- Where personal details are taken automatically (e.g. via tracking cookies), user consent must be given before activation (e.g. via a cookie consent pop-up).
- A link to view your privacy policy must be clearly displayed and easily found. Typically this is found in the footer on every page of the website.
- Your privacy policy must detail what personal information you’re collecting from visitors, what you will do with that information, how it is stored, and who it is shared with. This includes any details that may be submitted by users voluntarily (e.g. via a contact form).
If you are not using cookies, or if the only cookies being used on the website do not collect personally identifiable information (PII), then you do not need to display a cookie consent banner.
For more details, including technical advice and some things to consider before adding additional tracking scripts to your website, please read our