Why you need to change your cookies policy ASAP



If you’ve recently been through the process of getting GDPR compliant, you’ll know that sometimes there’s been a lack of guidance about how to go about it.


The ICO has very recently given a really helpful update about the use of cookies on websites:



It covers three main areas:

Implied consent

Consent for analytics cookies

Cookie walls



Implied consent

In this guidance, the ICO states that it will not accept ‘implied consent’ for the use of cookies.

In the past, some businesses have chosen to ignore this advice because they tried to wrap it up as being part of the ‘legitimate’ interest of the business.

You may also have seen on some websites, wording such as ‘This website uses Cookies. By continuing to browse our website you are consenting to our use of Cookies.’

These examples are no longer acceptable.

The ICO now wants you to take people through a process of consent for the use of cookies on your site, which means that people have to positively opt-in (e.g. with a tick box).

It’s really important that you tell people about the cookies on your website, and actively gain consent for their use by getting the person who is browsing your site to opt in.

You also then need a mechanism for people to switch off the cookies they don’t wish to be in use.

So how should you tell people about your cookies?

First of all, you need to know what cookies are operating on your website. You could use a service such as Cookiebot, or you could do a DIY search using ‘Cookie Serve’.

This will display the cookies for a particular URL. Now remember that your website will have a different URL for each webpage. You’ll need to search your home page, about page, contact pages, and every page on your site.

For instance, this is what I get when I search the cookies on the home page of Private Practice Ninja’s website:


The ICO wants us to talk explicitly about what the cookies are there for, and in particular, whether your site uses cookies from third parties. These might be Facebook pixels (which you might use if you have a Facebook Ad running), or a cookie from ConvertKit or MailChimp that you are using for email marketing. You need to explain the purpose behind these cookies.

All of this information can be listed in your ‘Cookies Policy’, as part of your ‘Privacy Notice’. These could be website pages within your site that are linked to by your cookie consent mechanism – which might be a pop up or a banner.

The ICO says that banners or popups must make it absolutely clear what they are about, and the cookie consent must be gained whichever webpage the user lands on. Your site won’t be GDPR compliant if you are only gaining consent when someone lands on the home page.

It’s not acceptable to have pre-ticked boxes for consent.

People have to actively tick or slide a button to give consent (rather than withdrawing it).

Here’s an example of how Private Practice Ninja requests explicit consent for people who visit our website. Visitors to the site can hover over the unticked boxes and understand what each category of cookies really means.



Analytics cookies

If you have any kind of analytics cookies on your website (and many of us will have Google Analytics running on our sites), the ICO says that these are not ‘strictly necessary’ for the functioning of the website, and so consent for the use of these cookies must be actively gained. This seems fairly straightforward.



Cookie walls

The ICO also wants to discourage the use of ‘cookie walls’. These are mechanisms that block access to a website until the user gives consent. The ICO doesn’t like this blanket approach, because it goes against the ethos of the GDPR about giving consent. If your arm’s being twisted by the site, then it’s difficult to say that consent was freely being given. Cookie walls are easy to spot – it’s ‘agree or leave’.

An example of the wording of a cookie wall might be:

This website uses cookies for:

  • Collecting and analysing visitor statistics
  • Integration of social media
  • Embedded content such as YouTube, etc.

If you want to view the site, you will have to accept the cookies.

If you were to click on decline, instead of accept, you might then see the following message:

‘This content is blocked. Accept cookies to view the content.’

If you have a cookie wall on your website, you need to take it down and put proper consent processes in place.
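One way the opt-in rules above could be modelled in a site's consent code, as an added example that is not from the original post or from any consent product. The category names, the cookie inventory and every function name are assumptions made for illustration.

```javascript
// Optional cookie categories (assumed names). Only "necessary" is exempt from consent.
const OPTIONAL = ["analytics", "marketing"];

// Constructed inventory, the kind of list a page-by-page cookie scan produces.
const INVENTORY = [
  { name: "session_id", category: "necessary", purpose: "keeps the visitor's session" },
  { name: "_ga", category: "analytics", purpose: "Google Analytics visitor statistics" },
  { name: "_fbp", category: "marketing", purpose: "Facebook pixel for ads" },
];

// Initial state: nothing optional is pre-ticked and no decision is recorded.
function newConsent() {
  return { necessary: true, analytics: false, marketing: false, decidedAt: null };
}

// Record only the boxes the visitor actively ticked; everything else stays off.
// Calling it again with fewer boxes is how consent is withdrawn.
function recordChoice(ticked, now = new Date()) {
  const unknown = ticked.filter((c) => !OPTIONAL.includes(c));
  if (unknown.length) throw new Error("unknown category: " + unknown.join(", "));
  const consent = newConsent();
  for (const c of ticked) consent[c] = true;
  consent.decidedAt = now.toISOString();
  return consent;
}

// The banner is needed on whichever page the visitor lands on, until they decide.
function needsBanner(consent) {
  return consent.decidedAt === null;
}

// Cookies that may be set right now; browsing on its own never implies consent.
function allowedCookies(consent, inventory = INVENTORY) {
  return inventory.filter((c) => consent[c.category] === true).map((c) => c.name);
}

// Cookies to delete after the visitor changes their mind.
function cookiesToRemove(consent, inventory = INVENTORY) {
  return inventory.filter((c) => consent[c.category] !== true).map((c) => c.name);
}

// Page content is served whatever the choice: declining must not become a cookie wall.
function canViewContent(_consent) {
  return true;
}
```

On a real page, the analytics and marketing scripts would be loaded only for the categories that `allowedCookies` covers.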

That’s the way the cookie crumbles…

If you need help with your cookies policy or getting your website GDPR compliant, get in touch.

Email me directly on css@privatepracticeninja.co.uk, and let’s get building your successful, happy Private Practice!

