Greece: New requirements for using website cookies

The Greek Data Protection Authority is following fellow European DPA’s and tightens the requirements for using cookies on websites. New rules will impact a majority of Greek businesses.

On February 25th, 2020, the Hellenic Data Protection Authority (HDPA) published a new set of guidelines on cookies and similar tracking technologies, thereby tightening the requirements for data processing as specified in the ePrivacy Directive and the General Data Protection Regulation (GDPR).

The new requirements emphasize:

  • Website visitors must give consent before cookies and other trackers are placed (including marketing and statistical cookies).
  • Users must be thoroughly informed about the use of trackers in a cookie pop-up and in a cookie policy.
  • Not allowing visitors to use the website without having given consent is considered bad practice*

*Websites may not use the ‘data for access’ method (cookie walls) and may not provide the user with no option for declining/rejecting cookies and trackers.

The HDPA has given data controllers (website owners and publishers) a two months grace period in order to make arrangements for cookie compliance.

Privacy on the rise in Europe

European data protection is only moving in one direction: a direction in which existing rules and requirements are clarified and updated guidelines to cookies and data processing are published almost by the hour.

Most recently, The Danish Data Protection Authority (Datatilsynet) released what seems to be the strictest interpretation of the GDPR when it comes to cookies and data processing.

The Danish DPA requires that all websites must:

  • Present visitors with an option to decline cookies on the consent pop-up’s primary page*
  • Obtain valid consent before placing any cookies or trackers on the user’s device**
  • Inform visitors more thoroughly about data controllers and data processors (in the cookie banner).***

*the possibility to decline cookies can no longer be placed ‘one-click-away’ e.g. in cookie settings.

**except technically necessary cookies (not Google Analytics here).

***It’s not enough to refer to Doubleclick as a data processor, but also to the owner of Doubleclick, the more well-known Google.

The Danish DPA has not given any grace period and expects websites to comply with the new requirements.

Looking to meet the requirements outlined by European Data Protection Authorities for using cookies on your website?

Look no further. Cookie Information offers a leading European Consent Management Platform where you can comply with the ePrivacy Directive (the ‘cookie law’), the GDPR and the requirements by your national Data Protection Authority.

Read more about our Consent Solution (for cookies) here


get an assessment of your business’ cookie compliance right here [completely free].

Share on facebook
Share on twitter
Share on linkedin
Share on email

No credit card needed

Start your free trial

250,000 clients already trust us with their website's cookie compliance ​

Is your website GDPR cookie compliant?

We'll give you the answer quickly - completely free
Free Webinar

How to perform GDPR compliant analytics and digital marketing

The guide to cookie consent in Sweden, Norway & Finland