COVID-19 Update: Artonezero are still operating as normal from home. Read more

Blog

Back to all blogs

How will GDPR affect your Cookie policy?

jade-wulfraat-96023-unsplash.jpg

Perhaps you haven’t thought about how GDPR compliance and cookies, but with GDPR just around the corner it is now more crucial than ever to find out how regulation changes will impact your organisation’s marketing.

In this article, we will look at how GDPR will affect the way you use web analytics tools, like cookies, in your organisation’s marketing strategy.

Cookies are familiar for most web users. Cookies and other web analytics tools allow business to monitor visitor engagement on their website and follow up with useful marketing content, such as emails and callbacks.

While Cookies are definitely useful for your marketing team, whether or not they are GDPR compliant is where the matter can get a little bit confusing.

What do GDPR guidelines say about Cookies and compliance?

Cookies mentioned only once in the GDPR guidelines:

‘Recital 30: Natural Persons may be associated with online identities…such as internet protocol addresses, cookie identifiers or other identifiers…This may leave traces which, in particular when combined with unique identifiers and other information received by the servers, may be used to create profiles of the natural persons and identify them.’

Put simply, this means; if you use Cookies to identify a device or the person who is using that device, it is now treated as personal data under GDPR.

While not all Cookies are used in a way that could identify website users, most of them are. This means that cookies used for analytics, advertising and functional services such as surveys and chat tools are at risk of GDPR non-compliance, a risk that comes with serious fines and penalties.

Why are cookies potentially GDPR non-compliant?

Cookies often contain pseudonymous identifiers to give them uniqueness, and under GDPR it is this uniqueness that qualifies them as personal data. So, any Cookie that is able to identify an individual, or able to treat them as unique without explicitly identifying them means that personal data is being processed.

Under GDPR, processing the personal data of EU citizens requires organisations to gain definite and provable consent. It is this factor which puts the use of cookies at risk of non-compliance.

What’s changing with consent?

One of the most crucial changes GDPR is making to the collection and processing of personal data is the need to gain valid consent. You can find more about that in our article What is GDPR and how will it impact your business? Since this is such a huge topic in itself, we will keep our focus to consent exclusively to how it applies to the use of Cookies in this article.

Implied consent is no longer enough: Previously, most organisations have relied on the ‘implied consent’, which means for example that visitors have offered an email or phone number, or they have visited your website and taken some kind of action. Under GDPR this is no longer enough. Individuals must give their consent via an affirmative action, such as clicking an opt-in box or setting preferences. A crucial point to remember is that an individual’s opt-in to one type of contact does not mean that your organisation can assume consent for all types of contact.

Withdrawal of consent must be made easy: Even after you have been given consent to process an individual’s data, you need to make it just as easy for them to change their preference. For example, if you ask for an individual’s consent via an opt-in-box, and the opt-out option must be equally as visible.

Soft Opt-in is not sufficient: No doubt you will be familiar with the “by using this site, you accept Cookies” message that pops up on websites; in fact, you most likely use a similar message on your own website. However, under GDPR, if there is no valid consent option then it does not count as consent at all. You must make it possible for the individual using your site to be able to accept or reject Cookies.

Can I continue to use Cookies under GDPR?

To put it simply, using Cookies in your organisation’s marketing strategy in an established way is going to become increasingly harder under GDPR. While Cookies are not banned under GDPR, if you can’t prove consent on an individual basis then you are at risk of non-compliance.

If you can prove that your organisation has a lawful ground to collect and process individual’s data, then you can continue to do so. However, since the majority of business rely on implied or opt-out consent it will become increasingly hard to prove lawful consent under the tighter requirements of GDPR.

In addition, The Privacy and Electronic Communications Regulations (PECR) (the ‘Cookie law’) is being updated and brought in line with GDPR. This will mean more restrictions on how and when data analytics tools like Cookies can be used.

How can I continue to get useful information about my leads?

There are still many ways for you to get information about your leads without using Cookies – it all comes down to consent.

The simple solution is to make it easy for your leads to give consent, and give them an equally easy option to opt-out. You can then continue to process their personal data, such as their name, email address etc. Moving forward this may even mean that your lead quality increases and you can begin engaging with people who are genuinely interested in what your business has to offer.

If you need more information about how GDPR affects your customer data, or if you have are concerns that your organisation is not compliant, then contact us today.


Author

James O'Connell

Date

19th March 2018

Reading Time

4 minutes

You may also like...

rawpixel-733989-unsplash.jpg

5 types of email you should send to recruit more members

Membership associations operate in a crowded digital environment alongside large cooperates with aggressive marketing tactics and large advertising spends. For this reason, it can be tough for membership organisations to reach their target audiences – especially for membership recruitment. With this, how can membership organisations stand out, build visibility, and engage their members in a landscape where the average email user sends and receives 122 messages a day? In this article, we look at 5 types of email you should send to help you recruit more members.

Digital Marketing

Aug 22, 2018

How will GDPR affect your membership organisation

How will GDPR affect your membership organisation?

As you are probably aware, on the 25th May 2018 there will be a huge change to the UK’s Data Protection Laws in the form of the General Data Protection Regulation, or GDPR for short. This change will affect the way in which all B2C and B2B marketers are allowed to store, process and use data. Membership associations will be no exception to GDPR, therefore it is vital that you are aware and prepared for when GDPR comes into force. In this article, we answer the question: How will GDPR affect your membership organisation?

Digital Marketing

Mar 19, 2018

brooke-lark-609911-unsplash.jpg

Why offering CPD will draw more recruits for your membership organisation

As a membership organisation, you are probably already investing lots of time and money into keeping your membership website up to date, all of your content and publications are well designed, and the events that you host all offer valuable information to your membership. So what more can you do? This is where CPD software comes in. In this article, we look at how offering CPD will draw more recruits for your membership organisation

Digital Marketing

Apr 27, 2018

Some of our work

We'd love to hear from you!

Email anytime, or call us on 020 301 103 90 during office hours.

Close