The General Data Protection Regulation (GDPR) and ePrivacy Directive (ePR) affect how you as a website owner must obtain and store cookie consents from your visitors from the EU. The GDPR is a regulation that is enforced from 25 May 2018. It affects all websites located in the European Union, and websites that have EU citizens as users.

Next in line is the ePrivacy Regulation, which is currently in process in the EU, and which is expected to be finalized in 2019. The ePrivacy Regulation will have much of the same scope as the GDPR, and will stipulate requirements aimed specifically to protect the privacy of electronic communications.

Why do I need cookie consent on my website?


Cookies of both first and third party provenance on websites track users in different ways.

For example the IP address, or merely the actions and behavior of users on the site and from site to site.

Because of the broad definition of personal data in the GDPR, if you use cookies, you need to ask for consent from your users before setting any cookies other than the strictly necessary – and therefore whitelisted – ones.

If you are using cookies that track direct personal data or data that can potentially be connected or singled out to identify or track a person, you now must either take them away, or update your cookie policy and your cookie consent in accordance with the regulations.

Many modern websites have dozens of active cookies and online tracking in use on their site.

To find out what cookies are in use on your website, you can try our free website audit.

This service scans up to five pages of your website and sends you a report on the cookies and online tracking in use on these pages, giving you an insight into the tracking of your users that is going on on your site.

Checklist of requirements for GDPR compliant cookie consents


Your GDPR and ePrivacy compliant cookie consent system should ensure that the consent is…

  • Transparent: Given on the basis of clear and specific information about data types and purpose
  • Prior: Given before any processing other than the strictly necessary takes place, also known as ‘prior consent’
  • Unambiguous: Given as an affirmative, positive action
  • Documented: Recorded and securely stored as evidence that consent has been given
  • Reversible: The users must be able to withdraw their consent whenever they want
  • Renewed: Regularly renewed. (The ePrivacy Directive proposes once a year).

The easiest way to comply is to find a reliable cookie consent software that is based upon a thorough study of the new regulations and therefore can ensure compliance with it.

Conclusively, if you have a WordPress website, the easiest way to implement cookie consent on your website is by making use of a WordPress plugin.

You can find and install cookie consent plugins in the plugin menu point in the admin area of your WordPress site.

I’d love to hear your view so do not hesitate to contact me, subscribe to this blog for free, click here to arrange a FREE Consultancy meeting, send me an email at [email protected] or Follow me below on Facebook, Twitter, LinkedIn and Instagram.