The General Data Protection Regulation (also known as the GDPR) is a European Union Law aimed at ensuring that personal data is handled by companies under a lawful base while ensuring its security, privacy, and confidentiality.
The GDPR concerns the processing of personal data.
Many cookies process users’ personal data and the processing of this information is subject to the GDPR.
To process personal data, you need a lawful basis, i.e. a legal ground to process data. This can be a legitimate interest, but more often processing is based on consent.
Read on: What is legitimate interest?
Personal data is any type of data which on its own or when cross-referenced with other data enables the “univocal identification” of a natural person (the data subject). Depending on the scope and the purpose of such processing activities, there could be a potential risk factor towards the data subject to whom it pertains.
Personal data processing means collecting, accessing, storing, processing and/or sharing of personal data.
Cookies collect and process your website visitors’ personal data. Every time a person visits your company website, cookies are stored; cookies are accessed; cookies are changed in the browser of the visitor. These data typically comprise of language settings, screen size, items in the basket, but can also comprise of information about the user’s IP-address, choice of browser, and online behavior. Marketing cookies track the users across the website and internet with the purpose of creating online profiles for direct marketing.
Companies within the European Union must observe GDPR towards all data subjects regardless of their geographical location, whereas companies outside of the European Union must observe GDPR towards European Union resident data subjects.
It is the owner of the website or the company’s Data Protection Officer (DPO) who is responsible for complying with the regulations of the GDPR in relation to the data cookies process. Even if the cookies are not owned by the company, but are third-party cookies e.g. Google Analytics, Facebook Pixel, YouTube or Addthis.
First and foremost, you need a valid cookie banner on your website which has to:
Cookies are a widely used tool on a website to store data on a specific user, in which a service can access this data and then create a profile of the individual to target ads and customized content.
As the data controller, you are also responsible for the data collected by third parties on your website i.e. first and third-party cookies which process visitors’ personal data (Google, Facebook, YouTube, Addthis, Doubleclick).
Your company website uses Google Analytics to explore website traffic. Google deploys a number of cookies (first-party) in your visitor’s web browser every time the user visits your site. These cookies collect and process personal information about the visitor which may identify the visitor directly or indirectly. The data collected by Google Analytics is used for online profiling and direct marketing, and this requires explicit user consent.
We can help you reach the level of GDPR compliance you desire. We are a global privacy-tech company offering privacy solutions to both the public and private sector. Our Consent Solution is used by more than 1,500 clients and yearly we collect 15 billion consents.
Become GDPR compliant today! Book a meeting with one of our GDPR experts and get a professional solution.