The General Data Protection Regulation (GDPR) is a European standard for cookie compliance, but it has global implications. Storing cookies is helpful because it can help you understand who uses your website, how they use it, and how you can serve them better. Integrations like the Facebook Pixel and Google Analytics are also great for your marketing efforts. Before you collect cookies, though, it’s important to make sure you’re playing by the rules.
The General Data Protection Regulation, or GDPR, is a regulation in European Union law. It deals with privacy and data protection for all individuals in the European Union (EU) and European Economic Area (EEA). Simply put, it was designed to give people more control over when and where their data is collected.
The GDPR covers “personal data,” which, according to the European Commission, includes “any information relating to an individual, whether it relates to his or her private, professional, or public life. It can be anything from a name, a home address, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer’s IP address.”
If you’re using cookies to collect any kind of demographic information on your site, there’s a good chance it’s covered in the GDPR. This comes into play if anyone from the EU or EEA accesses your site.
Yes, it’s still a good idea. The GDPR applies to any organization that collects and stores personal data from any user in the European Union, and to any data that may be exported from the EU or EEA. In other words, companies in the United States should think about GDPR compliance if there’s any chance an EU citizen could visit their website. Even if you don't think this applies to you, it's nice to be straightforward with people when you're collecting cookies.
There’s no way to know for sure that someone from the EU or EEA won’t visit a company’s website, even if that company only does business in the United States. Compliance is compulsory, and the potential fines can go up to 4% of a company’s annual global revenue or 20 million euros, whichever is greater. Small American businesses aren’t likely to be prosecuted unless they do something heinous, but the stakes are high enough to make GDPR compliance worth pursuing.
Before going further, it’s important to note that none of the following is legal advice. This isn’t a complete, bulletproof solution to GDPR compliance. Your best bet is to consult legal counsel before implementing this solution.
The good news is, cookie consent is pretty accessible. This site uses Cookie Consent by Osano. This option bills itself as “the world’s most popular solution to the EU cookie law,” and is a quick, easy, free solution. The one drawback is that Cookie Consent only records the visitor’s choice; it doesn’t by itself stop scripts from setting cookies.
For that reason, this site uses Google Tag Manager in conjunction with Cookie Consent, and you might want to do the same. If you’re looking for a more robust solution that can handle everything, Cookie Script is a great option. The downside to Cookie Script is that the free version isn’t much good.
It charges a monthly fee for an HTTPS connection. If your site uses secure network communication (which it should), the free version of Cookie Script is served over plain HTTP, so browsers block it as mixed content and it won’t show up unless people elect to run unsafe scripts (which they won’t). If you don’t pay for the top subscription level, it won’t record consent anyway.
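Since Cookie Consent only records the choice, the blocking has to happen in Google Tag Manager. The following is an added example, not code from this site or from Osano: it reads the plugin’s `cookieconsent_status` cookie, treats only an explicit “allow” as consent, and pushes an event onto the GTM `dataLayer` so analytics and pixel tags can be triggered on that event instead of on page load. The event names `cookie_consent_granted` and `cookie_consent_revoked` are assumed names that the GTM triggers would have to match; the callback names follow the cookieconsent v3 options.

```javascript
// Added example: gate Google Tag Manager tags on an explicit opt-in recorded by
// Osano's Cookie Consent plugin. The plugin stores the visitor's answer in a cookie
// named cookieconsent_status with the value 'allow', 'deny' or 'dismiss'.
const CONSENT_COOKIE = 'cookieconsent_status';
const GRANTED_EVENT = 'cookie_consent_granted'; // assumed name, must match the GTM trigger
const REVOKED_EVENT = 'cookie_consent_revoked'; // assumed name, must match the GTM trigger

// Parse a document.cookie-style string and return the stored consent status, or null.
function readConsentStatus(cookieString) {
  for (const part of cookieString.split(';')) {
    const [name, ...rest] = part.trim().split('=');
    if (name === CONSENT_COOKIE) return decodeURIComponent(rest.join('='));
  }
  return null;
}

// Only an explicit 'allow' lets tracking tags run. 'dismiss' (banner closed without a
// choice) and 'deny' are both treated as no consent, the safe reading for opt-in.
function consentEventFor(status) {
  return status === 'allow' ? GRANTED_EVENT : REVOKED_EVENT;
}

// Push the matching event onto the GTM dataLayer; returns the pushed object.
function pushConsentEvent(dataLayer, status) {
  const evt = { event: consentEventFor(status), consent_status: status || 'unknown' };
  dataLayer.push(evt);
  return evt;
}

// Browser wiring: runs only where the page and the plugin's global exist. In GTM,
// the analytics and pixel tags are triggered by GRANTED_EVENT rather than by page view,
// so they never load before consent and are not reloaded after it is revoked.
if (typeof window !== 'undefined' && window.cookieconsent) {
  window.dataLayer = window.dataLayer || [];
  window.cookieconsent.initialise({
    type: 'opt-in',
    content: { message: 'This site uses cookies for analytics and marketing.' },
    onInitialise: function (status) { pushConsentEvent(window.dataLayer, status); },
    onStatusChange: function (status) { pushConsentEvent(window.dataLayer, status); },
    onRevokeChoice: function () { pushConsentEvent(window.dataLayer, null); }
  });
}
```

Tags that were already loaded keep their cookies until the visitor revokes consent, so a revoke handler should also delete any analytics cookies your tags set.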
Long story short, look into Cookie Consent for a free solution, or Cookie Script for a paid one. Unless you’re familiar with Google Tag Manager, you may also want to get an analytics expert involved.
If you’re worried about data compliance, seek professional legal advice.