If you’ve recently been through the process of getting GDPR compliant, you’ll know that sometimes there’s been a lack of guidance about how to go about it.
It covers three main areas:
Consent for analytics cookies
In the past, some businesses have chosen to ignore this advice because they tried to wrap it up as being part of the ‘legitimate’ interest of the business.
These examples are no longer acceptable.
It’s really important that you tell people about the cookies on your website, and actively gain consent for their use by getting the person who is browsing your site to opt in.
You also then need a mechanism for people to switch off the cookies they don’t wish to be in use.
So how should you tell people about your cookies?
First of all, you need to know what cookies are operating on your website. You could use a service such as Cookiebot, or you could do a DIY search using ‘Cookie Serve’.
This will display the cookies for a particular URL. Now remember that your website will have a different URL for each webpage. You’ll need to search your home page, about page, contact pages, and every page on your site.
For instance, this is what I get when I search the cookies on the home page of Private Practice Ninja’s website:
All of this information can be listed in your ‘Cookies Policy’, as part of your ‘Privacy Notice’. These could be website pages within your site that are linked to by your cookie consent mechanism – which might be a popup or a banner.
The ICO says that banners or popups must make it absolutely clear what they are about, and the cookie consent must be gained whichever webpage the user lands on. Your site won’t be GDPR compliant if you are only gaining consent when someone lands on the home page.
It’s not acceptable to have pre-ticked boxes for consent.
People have to actively tick or slide a button to give consent (rather than withdrawing it).
Here’s an example of how Private Practice Ninja requests explicit consent for people who visit our website. Visitors to the site can hover over the unticked boxes and understand what each category of cookies really means.
If you have any kind of analytics cookies on your website (and many of us will have Google Analytics running on our sites), the ICO says that these are not ‘strictly necessary’ for the functioning of the website, and so consent for the use of these cookies must be actively gained. This seems fairly straightforward.
The ICO also wants to discourage the use of ‘cookie walls’. These are mechanisms that block access to a website until the user gives consent. The ICO doesn’t like this blanket approach, because it goes against the ethos of the GDPR about giving consent. If your arm’s being twisted by the site, then it’s difficult to say that consent was being freely given. Cookie walls are easy to spot – it’s ‘agree or leave’.
An example of the wording of a cookie wall might be:
- Collecting and analysing visitor statistics
- Integration of social media
- Embedded content such as YouTube, etc.
- If you want to view the site, you will have to accept the cookies.

If you were to click on decline, instead of accept, you might then see the following message:

‘This content is blocked. Accept cookies to view the content.’
If you have a cookie wall on your website, you need to take it down and put proper consent processes in place.
That’s the way the cookie crumbles…
If you need help with your cookies policy or getting your website GDPR compliant, get in touch.
Email me directly on firstname.lastname@example.org, and let’s get building your successful, happy Private Practice!
Now it’s time for you to grow your Private Practice.