The cookie law is very comprehensive. Here is a guide to making sure your business is compliant with the law.
Brexit… what now?
December 31st, 2020 was a key date for the EU and the UK: this was the day when the UK left the EU.
This means that businesses need to look out for other rules regarding cookie consent. It’s become more complicated, but here is a guide for you and your company.
1. UK businesses must adapt after Brexit
Set up your website so that it follows the rules of the UK GDPR. If you’re planning to keep doing business with customers from the EU, you need to follow the same rules as before Brexit. You just need to set your website up so that it also follows the UK GDPR rules.
You will not be affected if you are a UK-based company that only sells items and services to UK citizens based in the UK.
2. The EU GDPR is replaced by the UK GDPR
The difference between the two is small, so affected businesses can proceed as before Brexit with the same setup on their website. If your business was compliant before Brexit, then you are also compliant after Brexit.
3. You still do business in the EU
If you have both UK-based and EU-based consumers, then you are subject to both GDPR laws. It is complicated but relatively easy to set up. Here, the best solution would be to follow the old EU GDPR rules regarding personal data.
Violating the law
Companies can get fined for violating the law. It has been determined that violating the cookie law can result in fines of up to £17.5 million or 4% of the annual global turnover – whichever is greater.
The fine is assessed case by case. The following matters are taken into consideration when determining the size of the fine.
– The type of violation
– The reaction from the company after finding out that there has been a violation
– The type of personal data involved in the violation/breach. The more sensitive the data, the greater the fine.
There are many other factors that will determine the size of a fine. You can easily find them online if you wish to know more.
How to become compliant
All websites collecting personal data from EU citizens need to ensure compliance with the GDPR, including cookie consent. If your website has visitors from the EU, then you must present to them a visible “consent” button. It must be placed so that the visitor cannot miss seeing it. It’s then up to the visitor to accept the cookies or reject them.
3 pieces of advice to your business
1. Make sure you know your website
Most business owners do not even know their website, as they are busy focusing on sales. As a business owner, you need to understand the mechanics behind a website, because when you do, you will be more likely to prevent cookie and GDPR issues. Remember to check your website on different devices.
2. Inform your visitors about cookies
The cookie law says that you need to inform the visitors about cookies. Therefore, you need to inform them about what the cookies do. You should also give them the chance to accept the cookies or reject them. All this must be communicated as simply as possible. When informing the visitors about the cookies, you may find it useful to mention that cookies:
- Optimize the experience on the website and the design.
- Help the company generate web statistics, enabling them to tailor the marketing to the visitor as an individual.
3. Get consent from the visitor
The last part is consent. It is crucial to get consent from the visitor no matter which device they have entered the website from. It is quite easy to obtain. As mentioned above, clearly present to the visitor the two options they have: giving or refusing consent.