Since the introduction of GDPR in 2018, every website that places cookies must ask for consent from visitors. A good cookie banner is not only legally required but also builds trust with your visitors. In this article, we explain what the rules are and how to become compliant.

What does GDPR say about cookies?

The GDPR and the ePrivacy Directive require prior consent before you place non-essential cookies. Visitors must be able to make a free, specific, and informed choice. You may not deny access if someone rejects cookies, and the reject button must be as easily accessible as the accept button.

Essential cookies necessary for the operation of your website do not require consent. Think of session cookies for login, shopping cart cookies in webshops, and cookies that remember if someone has already made a choice. Cookies for security and load balancing also fall under this category.

All cookies for analytics, marketing, and tracking require explicit consent. This includes Google Analytics, Facebook Pixel, advertising cookies, social media widgets that collect data, and heatmap tools. Embedded YouTube videos also place cookies that require consent.

Complianz

Complianz is a popular Dutch plugin that automatically scans your website for cookies. After logging into WordPress, install the plugin via Plugins > Add New. The wizard helps you step by step with configuring your cookie banner and privacy policy.

Complianz automatically blocks scripts until consent is given and works well with Google Analytics and other tracking tools. The free version is sufficient for most websites.

CookieYes

CookieYes offers a user-friendly banner with many customization options. The plugin scans your website and automatically categorizes found cookies. You can fully customize the banner to match your branding and the texts are available in multiple languages.

A lightweight option if you want a simple banner. Less extensive than Complianz but sufficient for websites with only Google Analytics. Configure the banner under Settings > Cookie Notice after installation.

Required elements

Your banner must contain: a clear explanation of what cookies are and what you use them for, the option to accept or reject per category, a link to your full cookie statement, and a reject button that is as prominent as the accept button.

Avoid dark patterns

Do not make the reject option smaller or less visible than accept. Do not use pre-checked boxes. Ensure the banner does not block the entire page until acceptance. Do not hide the reject option behind extra clicks.

In addition to the banner, you need a detailed cookie statement. This page describes which cookies you place, for what purpose, how long they are stored, and from which parties they come. Complianz generates this automatically based on the scan.

Place a link to your cookie statement in the footer of your website, next to your privacy policy. This is mandatory and helps visitors make an informed choice.

Setting up Google Analytics GDPR-compliant

If you use Google Analytics, additional steps are needed. Enable IP anonymization, limit data retention to the minimum, and disable data sharing with Google. Use Google Consent Mode so Analytics only activates after consent. Both Complianz and CookieYes support Consent Mode.
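
The Consent Mode behaviour described above, as an added example that is not code from this article, Complianz or CookieYes: every storage type defaults to denied, and a banner choice is mapped to a consent update. The category names (analytics, marketing) and the helper function names are assumptions; in a browser, the default call must run before the Google tag script loads.

```javascript
// Added example. Category names and helper names are assumptions for illustration.
// In a browser, window.dataLayer is the queue the Google tag reads.
const root = typeof window !== 'undefined' ? window : globalThis;
root.dataLayer = root.dataLayer || [];

// Standard gtag shim: pushes its arguments object onto the dataLayer.
function gtag() { root.dataLayer.push(arguments); }

// Consent Mode storage types controlled by each banner category.
const CATEGORY_TO_SIGNALS = {
  analytics: ['analytics_storage'],
  marketing: ['ad_storage', 'ad_user_data', 'ad_personalization'],
};

// Build a consent state from the visitor's per-category choices.
// Only an explicit `true` grants consent; missing or truthy-but-not-true
// values stay denied, which mirrors the "no pre-checked boxes" rule.
function buildConsentState(choices) {
  const picked = choices || {};
  const state = {};
  for (const [category, signals] of Object.entries(CATEGORY_TO_SIGNALS)) {
    const granted = picked[category] === true;
    for (const signal of signals) {
      state[signal] = granted ? 'granted' : 'denied';
    }
  }
  return state;
}

// Call once on page load, before the Google tag script is loaded.
function setDefaultConsent() {
  const state = buildConsentState({});
  gtag('consent', 'default', state);
  return state;
}

// Call from the banner's accept, reject and save-preferences handlers.
function applyBannerChoice(choices) {
  const state = buildConsentState(choices);
  gtag('consent', 'update', state);
  return state;
}
```

A reject click maps to `applyBannerChoice({ analytics: false, marketing: false })`, so rejecting takes the same single call as accepting.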

GDPR requires that you can prove visitors have given consent. Good cookie plugins automatically log when and what choice a visitor made. Keep these logs at least as long as you store cookies.

Tips for webshops

E-commerce websites often have more tracking: conversion tracking, remarketing pixels, and product recommendations. Categorize these cookies correctly as marketing and block them until consent. Thoroughly test your checkout process after implementing the cookie banner to ensure essential functions continue to work.

With a correctly configured cookie banner, you not only protect your visitors but also yourself from fines that can reach up to 20 million euros or 4% of your revenue. Theory7 helps you with reliable hosting and knowledge articles to make your website compliant.