GDPR compliance, cookies & tracking codes
The General Data Protection Regulation (GDPR) was ratified by the European Union in 2016 and became law in 2018. It is designed to give individuals better control over their personal data and establish one single set of data protection rules across Europe.
Everyone has the basic right to freely browse the web without being tracked in a personally identifiable way.
In order to be completely GDPR compliant, you need express permission from your visitors before you can run any tracking code that collects personally identifiable information (PII) such as name, address, email, or even computer IP address. This means users have to opt IN to any scripts/cookies that collect PII, and those scripts/cookies must be prevented from running until/unless the user gives permission.
TO COMPLY WITH GDPR:
- Where personal details are taken automatically (e.g. via tracking cookies), user consent must be supplied before activation (e.g. via a cookie consent pop-up).
If you are not using cookies, or if the only cookies being used on the website do not collect personally identifiable information (PII), then you do not need to display a cookie consent banner.
For more details, including technical advice and some things to consider before adding additional tracking scripts to your website, please read our GDPR, cookies & tracking codes (PDF file).