In this post, we’ll look at cookie consent and the GDPR and what businesses can do to make sure they’re compliant.
What are website cookies?
A website cookie is a small package of data that a website sends to a user’s browser; the browser then returns the data unaltered. Cookies may be essential to a website’s functionality — for example, websites that require a login use cookies to “remember” a user who is navigating through a website, so that the user doesn’t have to log in on every page.
Cookies may also collect information for marketing purposes, such as products a user views, or the types of websites a user visits. Websites must include language that explains how they use cookies and for what purpose.
Cookies are generally classified by:
Duration
Session cookies expire at the end of a website session or when a user closes their browser. Persistent cookies remain on a user’s hard drive until their pre-set expiration date, or until a user deletes them.
Provenance
This includes first-party cookies, placed by the website a user is visiting, and third-party cookies, such as advertising cookies.
Purpose
- Strictly necessary cookies — These are first-party, session-based cookies essential to website functionality. Consent is not required for these, but the website must notify visitors that these cookies are in use and explain their function.
- Preference cookies — These cookies store information about user preferences, such as location and login credentials.
- Statistics cookies — These cookies collect information about how users interact with a website, then aggregate the data to offer a view of website performance, such as the most popular pages.
- Marketing cookies — These are persistent (and usually third-party) cookies that track users' online behavior for the purpose of delivering targeted ads. These cookies may share information with other entities.
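Duration and provenance can be read directly from the Set-Cookie headers a site emits, while purpose still has to be assigned by a person. The following is an added example, not code from the original post, that classifies captured headers on those two axes; the function names, hosts and header values are assumptions constructed for illustration, and the first-party check assumes the site host passed in is the site's registrable domain.

```javascript
// Added example: classify Set-Cookie headers by duration and provenance (constructed data).
function parseSetCookie(header) {
  const [pair, ...rest] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const attrs = {};
  for (const part of rest) {
    const i = part.indexOf("=");
    // Attribute names are case-insensitive; flags such as Secure carry no value.
    const key = (i === -1 ? part : part.slice(0, i)).toLowerCase();
    attrs[key] = i === -1 ? true : part.slice(i + 1);
  }
  return { name: eq === -1 ? pair : pair.slice(0, eq), attrs };
}

function classifyDuration(attrs, now) {
  // Max-Age takes precedence over Expires when both are present (RFC 6265).
  let expiresAt = null;
  if (/^-?\d+$/.test(String(attrs["max-age"]))) {
    expiresAt = now.getTime() + Number(attrs["max-age"]) * 1000;
  } else if (!Number.isNaN(Date.parse(String(attrs.expires)))) {
    expiresAt = Date.parse(attrs.expires);
  }
  if (expiresAt === null) return { duration: "session", days: 0 };
  if (expiresAt <= now.getTime()) return { duration: "expired", days: 0 };
  return { duration: "persistent", days: Math.round((expiresAt - now.getTime()) / 86400000) };
}

function classifyProvenance(siteHost, responseHost) {
  // Simplification: siteHost is assumed to be the site's registrable domain.
  const h = responseHost.toLowerCase(), s = siteHost.toLowerCase();
  return h === s || h.endsWith("." + s) ? "first-party" : "third-party";
}
function auditCookies(siteHost, observations, now) {
  return observations.map(({ responseHost, header }) => {
    const { name, attrs } = parseSetCookie(header);
    const provenance = classifyProvenance(siteHost, responseHost);
    const { duration, days } = classifyDuration(attrs, now);
    // First-party and session-based is how the article describes strictly necessary cookies.
    const fitsStrictlyNecessaryShape = provenance === "first-party" && duration === "session";
    return { name, duration, days, provenance, fitsStrictlyNecessaryShape };
  });
}
const NOW = new Date("2024-01-01T00:00:00Z"); // fixed clock so results are repeatable
const SAMPLE = [
  { responseHost: "www.example.com", header: "sid=abc123; Path=/; HttpOnly; Secure" },
  { responseHost: "www.example.com", header: "lang=en; Max-Age=31536000; Path=/" },
  { responseHost: "ads.tracker.example.net", header: "uid=42; Expires=Wed, 01 Jan 2025 00:00:00 GMT; Secure" },
  { responseHost: "www.example.com", header: "old=; Max-Age=0" },
];
console.table(auditCookies("example.com", SAMPLE, NOW));
```

A cookie that does not fit the first-party, session-based shape is not automatically a marketing cookie; it is one whose purpose needs to be documented and matched to a consent category.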
Cookie policy vs. privacy policy

GDPR vs. ePD
GDPR language covers how data is collected and used, and affords consumers certain rights to protect their privacy. That’s why it’s applicable to cookie policies.
The GDPR and Cookie Consent
Cookie consent should be affirmative
Cookie consent should be freely given
Cookie consent should be informed
Cookie consent should be accessible
Cookie consent should be recorded
Cookie consent should be changeable
Best practices for cookie management
To avoid potential fines, businesses can implement the following best practices:
Look into which cookies are on your site
Explain what cookies are
Offer a thorough explanation of how you use cookies
Allow users to change their cookie preferences

Review the accessibility of your cookie notification
Review your cookie policy annually
Consult an expert
FAQs
What is a GDPR compliant cookie policy?
Do all cookies require consent in the EU?
Is GDPR cookie consent applicable to US websites?
Monsido's Consent Manager
The Monsido team has years of experience analyzing websites and providing guidance on how to improve the user experience. Whether you’re looking to fine-tune your cookie policy or ensure every page on your site is accessible for users with disabilities, we can help.
