
GDPR and cookies on your website

Last updated Nov 17, 2020

What the new guidance around cookies means for you

This time last year, we were all recovering from the flurry of information around GDPR and the scramble to make sure that our mailing lists and  Privacy Policies were in order. 

At the time, the guidance around cookies was fairly vague, and so we could heave a sigh of relief that probably not much was going to be enforced in that area until we had further guidance.

We knew it was coming…

A year on, that further guidance from the ICO (Information Commissioner’s Office) has been released. You can read their full article around cookies and their new guidance here.

In the UK, cookies are primarily regulated by the Privacy and Electronic Communications Regulations (PECR), and not by GDPR. However, the two are closely related, mainly because, in the eyes of privacy laws, the use of cookies is seen as processing personal data. And that’s when GDPR kicks in.

DISCLAIMER: I am NOT a data protection lawyer, so please do not construe anything in this article as legal advice. I am outlining what my understanding is of our new obligations, and how I have implemented it on my website. To ensure that your website is compliant, please engage a lawyer.

It’s imperative that you have a GDPR compliant Privacy and Cookie Policy live on your website, before implementing an effective cookie consent measure.

Last year, I bought Suzanne Dibble‘s GDPR pack to ensure that I had access to legal templates and checklists, and I have been following her advice around cookies too.  

There are many, many clauses and nuances to the new guidance that I could list here, but it’s somewhat overwhelming, so I’m outlining the main takeaways which I think will be most relevant to us. This is by no means exhaustive, and you should read the full guidance here.

Implied Consent

In the same way as we realised with our mailing lists, implied consent is no longer acceptable. Visitors to our website have to actively agree to  the use of cookies. 

As website owners, what this means is that we need to have a mechanism whereby users on our site can agree or reject the use of cookies, BEFORE the cookies are fired on the site.  

What this means is that:

  1. visitors need to take a clear positive action. Telling them that “continuing to browse the website implies consent” is not valid;
  2. granularity – our visitors need to have the ability to consent to cookies used for some purposes, but not others; and
  3. no pre-ticked checkboxes or sliders set to ‘on’ or ‘enabled’ – the default option for non-essential cookies must be ‘off’.
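The three points above translate into a small gate that sits in front of every script that sets a non-essential cookie. This is an added example, not code from this post or from any plugin it mentions; the class name, category names and loader names are hypothetical, and the cookie names in the walk-through are constructed sample values.

```javascript
// Added example; class, category and loader names are hypothetical.
const CATEGORIES = ['analytics', 'advertising', 'functional'];

class ConsentGate {
  constructor() {
    // Point 3: every non-essential category defaults to off.
    this.choices = Object.fromEntries(CATEGORIES.map((c) => [c, false]));
    this.decided = false; // Point 1: nothing counts as consent until decide()
    this.pending = [];    // loaders held back until their category is allowed
  }

  // Register a cookie-setting loader; returns true if it ran, false if held back.
  register(category, name, load) {
    if (category !== 'essential' && !CATEGORIES.includes(category)) {
      throw new Error(`unknown category: ${category}`);
    }
    if (category === 'essential' || (this.decided && this.choices[category])) {
      load();
      return true;
    }
    this.pending.push({ category, name, load });
    return false;
  }

  // Call only from an explicit click on the banner's save button.
  // Point 2: consent is recorded per purpose; anything not ticked stays off.
  decide(selected) {
    for (const c of CATEGORIES) this.choices[c] = selected[c] === true;
    this.decided = true;
    const held = this.pending;
    this.pending = [];
    for (const p of held) {
      if (this.choices[p.category]) p.load();
      else this.pending.push(p);
    }
  }
}

// Constructed walk-through: which cookies exist before and after the click.
function demo() {
  const gate = new ConsentGate();
  const cookies = [];
  gate.register('essential', 'session', () => cookies.push('session_id'));
  gate.register('analytics', 'analytics-tag', () => cookies.push('_ga'));
  gate.register('advertising', 'ad-pixel', () => cookies.push('_fbp'));
  const before = [...cookies];
  gate.decide({ analytics: true });
  return { before, after: [...cookies], blocked: gate.pending.map((p) => p.name) };
}
```

Loaders for rejected purposes stay in `pending`, so a later change of mind through `decide()` can still release them.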

Transparency on how you are GDPR compliant

GDPR is all about transparency of information.

So the information which we supply about the cookies must be transparent too. (i.e. “concise, transparent, intelligible and easily accessible form, using clear and plain language“). 

I tried out a lot of cookie plugins, and many fail this standard.

Be specific about which data you track and how it doesn’t breach GDPR laws

If you’re using third party cookies from the likes of Facebook and Google (commonly used for advertising (re)targeting and tracking purposes), they must be specifically named.

Common cookies you’re likely to encounter (amongst many others) include: 

  • Google Analytics or other analytics services
  • Google Adwords, Facebook or other advertising networks
  • Pop-ups
  • Heatmaps
  • Push notifications
  • Video players
  • Appointment schedulers
  • Shopping carts
  • Live chat
  • Cloudflare and CDN services 

What does it mean for your website? 

I have tried out a lot of tools and plugins to see how they shape up against the new guidance. 

One of the biggest issues that I faced is that we need to audit the cookies on our website in order to comply with the transparency that is required. And that’s not always straightforward. 

So I wanted to find something that could scan the site for cookies that are in use, and list them out. 

There are a few plugins I found which do this, and all of them are premium plugins. If you come across one which is free, I’d love to hear about it. 

The one which I went for is the GDPR Cookie Consent plugin by WP Eka. Used in conjunction with Cookiepedia, it’s a great combination.
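To make the audit step concrete, the check below compares a snapshot of the cookies in the browser with what the visitor has actually consented to. It is an added example, not the plugin's or Cookiepedia's code; the purpose map is a small hand-made assumption, and the site `www.example.com`, the snapshot and the `trk_id` cookie are constructed.

```javascript
// Added example: check a cookie snapshot against what the visitor consented to.
// PURPOSES is a small hand-made map (an assumption), not a complete catalogue.
const PURPOSES = [
  { match: /^_ga($|_)|^_gid$/, vendor: 'Google Analytics', category: 'analytics' },
  { match: /^_fbp$/, vendor: 'Facebook', category: 'advertising' },
  { match: /^PHPSESSID$/, vendor: 'own site', category: 'essential' },
];

// True when the cookie's domain is neither the site host nor a parent of it.
// Simplification: plain suffix comparison, no public-suffix list.
function isThirdParty(siteHost, cookieDomain) {
  const d = cookieDomain.replace(/^\./, '').toLowerCase();
  const h = siteHost.toLowerCase();
  return !(h === d || h.endsWith('.' + d));
}

// jar: [{ name, domain }] as copied from the browser's cookie panel.
// consent: { analytics: bool, advertising: bool }; all false on first load.
function auditCookies(siteHost, jar, consent) {
  return jar.map(({ name, domain }) => {
    const known = PURPOSES.find((p) => p.match.test(name));
    let finding;
    if (!known) finding = 'unidentified: look up and list in policy';
    else if (known.category === 'essential') finding = 'ok';
    else if (consent[known.category] === true) finding = 'ok (consented)';
    else finding = `flag: ${known.category} cookie set without consent`;
    return { name, vendor: known ? known.vendor : 'unknown',
             thirdParty: isThirdParty(siteHost, domain), finding };
  });
}

// Constructed snapshot for a hypothetical site www.example.com.
const SAMPLE_JAR = [
  { name: 'PHPSESSID', domain: 'www.example.com' },
  { name: '_ga', domain: '.example.com' },
  { name: '_fbp', domain: '.example.com' },
  { name: 'trk_id', domain: '.ads.example.net' }, // made-up third-party cookie
];

// Names of cookies present without consent for their purpose.
function flagged(consent) {
  return auditCookies('www.example.com', SAMPLE_JAR, consent)
    .filter((r) => r.finding.startsWith('flag'))
    .map((r) => r.name);
}
```

Running it on a snapshot taken before any banner click shows whether a consent tool really holds non-essential cookies back, and the unidentified entries are the ones to look up and name in the cookie policy.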

GDPR Cookie Consent

This plugin is the closest that I have found to complying with all of the new guidance and is the easiest to implement.


Cookiepedia is a great tool to use in conjunction with your GDPR Cookie Consent plugin to effectively identify cookies and their usage.

 The GDPR Cookie Consent plugin scans your site for you, applies information around all of the cookies that it can identify on your site, and can be up and running on your site within minutes. If you want to customise it, you may want to carve out 20-30 minutes to do so. 

It’s the one that I have in use on this website, and I have created a video and a checklist which outlines exactly how I customised it and the steps that I took  which I believe make it even more GDPR compliant. 

There are some areas which I believe could be improved upon, such as having the ability to have the boxes unchecked by default, because strictly speaking, they shouldn’t be. I have been in touch with the developers to see if that’s a feature that they can roll out. I’ll keep you posted. 

In the meantime, you can view the step-by-step video which I created to show how to customise the cookie consent plugin.


Honestly, I don’t think it should have been as hard as I have found it to get somewhere close to a straightforward solution. I’m hoping that my digging around will make this a reasonably easy process for you.

These are the steps that I have taken on my website, and hopefully you’ll find it a breeze to implement on yours.

Will your website be compliant if you follow through with all of this advice?

No. There are so many strands to GDPR, that this one element on your website won’t make you fully compliant. But it will move you a step closer. You should really have a data protection lawyer carry out a full audit of your site if you need to be sure of compliance. 

Heads up! This post contains affiliate links. It means that if you buy something through one of those links, you won’t pay a penny more, but I may receive a small commission in return for referring you to the site. It enables me to provide more quality content for other people starting out, and it helps keep the wolves from the door.

You can read my full affiliate disclaimer here. 

Vicky Etherington

Vicky Etherington has been running her own online marketing agency since 2003, and in 2014 transitioned to working with coaches and therapists to teach them how to create their own client-attracting websites. 
