What Does Effective GDPR Cookie Consent Look Like?

From speeding up a site to remembering the contents of a shopping basket and keeping a user signed in, cookies are a vital element when it comes to enhancing a user’s online experience. However, it’s extremely important to ensure that your site adheres to the relevant privacy restrictions, including the General Data Protection Regulation (GDPR), to protect the personal details of individual users. In this article, we’ll explain what GDPR cookie consent is about, what these banners look like and the design elements that make an effective GDPR-compliant cookie consent banner. Let’s get started.

What is GDPR cookie consent?

GDPR is a data protection and privacy policy enforced by the European Union (EU). If your website handles the personal data of EU citizens, you need to follow GDPR regulations, including GDPR cookie consent.

But what is cookie consent? Simply put, when a user visits a website, they must be informed about the types of cookies the website uses and how they’re used. Users are then able to consent to the use of cookies or reject them.

Why GDPR Compliance Is Essential For Websites

GDPR provides legal guidance on how to process, manage and safeguard the personal data of EU citizens. By establishing these rules and guidelines, organisations can effectively protect personal data, which is considered of utmost importance in consumer protection.

GDPR compliance means ensuring safeguards are in place to protect users’ data and obtaining explicit consent to use cookies. Websites are required to publish privacy notices that let users know what data is being gathered, how it will be used and what rights they have as data subjects. By complying with GDPR, websites demonstrate their commitment to user privacy which builds trust with their audience.

Not complying with the GDPR can have severe repercussions, both in terms of fines and damage to brand reputation. At Proof3 we specialise in creating cookie banners that are brand-compliant, fit for GDPR and won’t negatively affect UX. Get in touch to see how we can help with your cookie banners.

Types of cookie consent banners

Not all cookie consent banners look the same. Some appear at the bottom of the page, some appear in the header and some appear as a popup.

No matter which cookie consent banner you opt for, they all serve the same GDPR-compliant purpose – to clearly display what cookies are used for. Let’s take a look at how these cookie consent banners differ.

Footer Cookie Banner

Footer cookie banners are one of the most frequently used cookie banners, particularly on eCommerce websites. They are well-liked because they don’t draw the user’s attention away from important messaging or promotions on the site.

Additionally, all of the company’s information is available in the footer of the website, so all necessary privacy and compliance information can be found in the same place.

Popup Cookie Banner

Popup cookie banners are another common banner amongst eCommerce websites as they draw a user’s attention to the popup. Many popup cookie banners feature a range of customisation options for users who want to set their own preferences.

Header Cookie Banner

Header cookie banners are less frequently used when compared to other banner types. Although they appear above the navigation where users typically interact with your site, they can disappear when the user scrolls down. This means that you might lose out on serving valuable analytics or advertising cookies to them if they don’t see the consent banner.

Designing a GDPR-compliant cookie consent banner

Cookie consent banners are typically the user’s first point of contact on your site, so they should look well-organised, be easy to use and include certain components for GDPR compliance. Below, we’ve compiled a list of what a GDPR-compliant cookie consent banner should include:

Clear & concise information: The banner should clearly explain what cookies will be used and what they’re used for. It should avoid technical terminology that might be difficult to understand.

Option to accept or reject cookies: Users must have the option to accept or reject cookies. They should also have the option to customise their selection at any point.

Differentiate essential and non-essential cookies: Distinguish essential cookies – those without which the website wouldn’t work – and non-essential cookies that are used for analytics or advertising. Note: Essential cookies get a green tick ‘Accept all cookies’ button and non-essential cookies get a blue tick. The user has to click to give their consent to the non-essential cookies, while the essential ones are automatically accepted.

Link to the privacy policy & cookie policy: Detailed information about how data is collected and used should be linked and clearly visible on the cookie banner.

Frequently Asked Questions

How Often Should Websites Renew Cookie Consent?

Cookie consent should be renewed when there are significant changes to the types of cookies used or their purposes, the privacy or cookie policies have changed or the user’s consent has expired.

Do I Need Cookie Consent For Google Analytics?

Yes, cookie consent is required for any analytics tool that sets cookies, including Google Analytics. Learn more about the effects of consent on GA4 Analytics here.

Are There Any Other Consent Legislations?

Whilst cookie consent is extremely important, you should also be aware of other legislation around consent. If you’re an international business dealing with the personal information of users, here are some additional pieces of consent legislation to be aware of:

European Union’s GDPR – The General Data Protection Regulation (GDPR) is the toughest privacy and security law in the world. It manages how an organisation processes the data of individual EU citizens.

Brazil’s LGPD – Much like the EU’s GDPR, Brazil’s data protection law requires any organisation collecting and processing personal data to follow its data security rules. LGPD also gives Brazilian residents certain rights over their personal data.

South Africa’s POPIA – The POPIA requires businesses to provide users with a privacy and cookie policy. Businesses must honour a user’s decision not to consent to their data being processed.

Take a look at our blog about the effect of Google Consent Mode V2 on Google Ads & GA4 Analytics to learn more.

About the author

Tiago Faustino

Born and raised in Portugal, Tiago decided to leave the sunny beaches behind in 2011, moving to a less sunny Shropshire to pursue a career in digital marketing. Since then he has amassed more than 12 years’ experience in the field, from affiliate to paid search and now digital experience. He is highly analytical by default, with a passion for data, experimentation and, above all else, driving results for his clients. When not in the office, he can be seen playing chess or attempting to play FIFA.
