How to write a Cookies Policy for your website.

There’s a great deal involved with getting ready for GDPR compliance day – that’s May 25th, 2018 – just in case you’ve been hiding on a small island without internet these past two years.

As well as getting your data organised and protected, and getting a privacy notice drawn up, if you have a website (and I hope you do), you’ll need to declare how your site uses cookies.

Still confused about the concept of cookies? – Click on the link below…

The GDPR says: Cookies should only be placed on machines where the user or subscriber has given their consent.

If your website was built a little while ago, or it doesn’t already expressly ask the browser to give consent to the use of cookies, you’ll need to get this sorted.

When it comes to telling people about your cookies, you could lump it all in with your privacy notice, but, because cookies have a habit of changing (when you make changes to your website), you might want to make a separate cookie policy.

“Hang on a minute”, you may be thinking. “Don’t I need a tech genius to do that, and isn’t that going to be rather expensive?” Well, yes, you could indeed grab a digital wizard to take care of it all for you, and yes, you could hire an (expensive) lawyer to make it look very, well, lawyery, but I think it’s actually very do-able in a Blue Peter kind of way.

What you can’t do is simply nick someone else’s cookie policy, because, a) that would be copyright infringement (and you’re not that kind of person), and b) no two websites have the same cookies.

So, as promised in my previous blog, here’s a short guide to:

‘Home cooking’ your cookies policy and carrying out your ‘Cookie Audit’.


Firstly, it’s important to remember that the whole point about the cookies policy is: Explaining things in clear, non-jargony terms.

Yes, there need to be a few lines of techy text in there, but it’s totally fine to write this in a friendly, lay way. Imagine your seven-year-old nephew or your ninety-six-year-old Great Aunty were going to read it. Keep it simple, and to the point.

Here’s what needs to happen…

In order to tell folk about your cookies, you’ll need to know which cookies your site is using (duh!), but unless you went to coding school, you’re probably not going to be able to rattle them off verbatim.

Thankfully, there are several nifty free tools you can use to carry out an audit of the cookies currently ‘doing stuff’ on your website.
I’ve chosen two free sites to draw up cookie information when carrying out a comprehensive audit of websites I’ve been working on with my Ninja clients. (Let’s get the boring bit out of the way and say that I’m not a lawyer, so do get your legal folk to walk you through this if you so wish.)

The two free cookie audit sites are:

Cookiebot invites you to enter the URL of your private practice website, and your email address, and within 24 hours they’ll send you a list of cookies that are currently on your site.

Cookiebot will:
Name the cookies.
Tell you a little bit about the ‘type’ of cookie it is.
Tell you where the cookie comes from (because cookies can find their way onto your site from third party sites).
Very importantly, list when that cookie expires (e.g. at the end of a browsing session).

All good stuff that you can put into your cookie policy on your website.
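
A do-it-yourself version of the audit list described above, as an added example (not code from Cookiebot, Attacat or this blog): it reads the Set-Cookie headers a site sends and works out the name, source and expiry of each cookie. The site host, cookie names and headers are made-up sample data.

```javascript
// Added example: turn Set-Cookie response headers into cookie-policy rows.
// SITE_HOST, the hosts and the cookie names below are constructed sample data.
const SITE_HOST = "www.example-practice.test";
const SAMPLE = [
  { host: SITE_HOST, header: "session_id=abc123; Path=/; HttpOnly" },
  { host: SITE_HOST, header: "consent=yes; Domain=.example-practice.test; Max-Age=31536000; Secure" },
  { host: "video.example-cdn.test", header: "player_pref=1; Domain=example-cdn.test; Expires=Wed, 21 Oct 2026 07:28:00 GMT" },
];

// Split one header value into the cookie name and its lower-cased attributes.
function parseSetCookie(header) {
  const [pair, ...rest] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  if (eq < 1) return null; // no name=value pair: not a usable cookie
  const attrs = {};
  for (const part of rest) {
    const i = part.indexOf("=");
    attrs[(i < 0 ? part : part.slice(0, i)).toLowerCase()] = i < 0 ? true : part.slice(i + 1);
  }
  return { name: pair.slice(0, eq), attrs };
}

// Max-Age takes precedence over Expires; with neither, it is a session cookie.
function expiryOf(attrs, now) {
  const secs = parseInt(attrs["max-age"], 10);
  if (!Number.isNaN(secs)) return new Date(now.getTime() + secs * 1000).toISOString();
  const when = new Date(attrs.expires);
  if (typeof attrs.expires === "string" && !Number.isNaN(when.getTime())) return when.toISOString();
  return "end of browsing session";
}

// One row per cookie: name, where it comes from, first or third party, and expiry.
// Simplification: a domain-suffix match stands in for a public-suffix-list check.
function auditRows(responses, now) {
  const rows = [];
  for (const { host, header } of responses) {
    const c = parseSetCookie(header);
    if (!c) continue;
    const source = (typeof c.attrs.domain === "string" ? c.attrs.domain : host).replace(/^\./, "").toLowerCase();
    const firstParty = SITE_HOST === source || SITE_HOST.endsWith("." + source);
    rows.push({ name: c.name, source, party: firstParty ? "first-party" : "third-party", expires: expiryOf(c.attrs, now) });
  }
  return rows;
}

console.table(auditRows(SAMPLE, new Date("2018-05-25T00:00:00Z")));
```

The rows map straight onto the columns of a cookie policy table; the plain-English description of what each cookie does still has to be written by hand.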

Here’s an example of cookies I pulled up in an audit:

Attacat pretty much does the same as Cookiebot, but you get to do the hunting yourself.

Attacat will invite you to install a Google Chrome extension that sniffs for cookies, but you must clear down any cookies in your browser windows first – don’t worry, they tell you how to do this, and it’s a human-friendly tool to use.

The additional advantage of Attacat’s site is that they can also offer you the free ‘html’ code to use on your website. This saves having to faff about with code, if that’s not your kind of thing.

How to make a page on your website – and give it a name such as ‘Cookies Policy’.

This doesn’t have to be a work of art – it simply needs to be up there by the 25th of May, and you can give it a beauty treatment at a later date.

In your cookies policy, you’ll need to write a little bit of prose about what cookies are, and why you are using them on your private practice website – for example:

List out the cookies that you have running on your website, and you should ideally list these according to what kind they are.

Are they cookies which cannot be switched off because it will affect the way your website functions, even if they don’t store any data about the person who is browsing the site?

Are they ‘functional’ cookies – e.g. ones that might link the website with a bit of video you’ve stored on YouTube, or a pop-up box that helps you to collect email addresses for a MailChimp account?

State when the cookie expires, and try to include a sentence or two, which in plain English describes what that particular cookie does.

How to gain and withdraw consent to use Cookies.

Once you’ve written your cookie policy into your website page, you’ll need to draw attention to it, because, the GDPR says that cookies should only be placed on machines where the user or subscriber has given their consent. So, you have to make a way for folks to give their consent. An easy way to do this is with a cookie permissions pop-up.

I personally really like WordPress websites, because they are super easy to use, add to, and change around, so I’m going to recommend a couple of WordPress cookie policy permissions plugins to use.

First, there’s ‘Cookie Consent’ – quick and easy to install:

Having installed a few of them now, my favourite is ‘EU Cookie Law’, because it’s a bit more adaptable, and gives you choices as to how people can accept the use of the cookies.

Go to the ‘Plugins’ section of your WordPress site, search for ‘cookies’ and find the EU Cookie Law plugin. Install it, and then go to the ‘Settings’ section in your dashboard – out will pop a side banner, and you’ll find ‘EU Cookie Law’ listed there.

You’ll need to adjust the settings according to your own wishes. Remember to tick ‘Activate’ at the top of the page, and under the ‘appearance’ section heading, you’ll need to decide where it’s going to sit on the website; will it spring out at the top right-hand corner, or at the bottom of the page?

Crucially, you should enter the destination URL of the website page where your cookies policy is housed, so that the browser can click the link to read the policy – for example:

You can also change the wording within the pop-up. I think it’s important to ask the browser to read the policy before they click to agree to accept the use of the cookies. You could get all techy and make this super granular (with lots of individual tick boxes for each cookie).

The main thing is to get the Cookie Policy on your website up and running.

The GDPR wants you to ensure that you give your browsers and subscribers the ability to withdraw consent to cookies, and you need to make that easy for them. I’ve decided to direct my website browsers to information at ‘All about’ – which has a nice link to a page which can tell your browsers how to manage cookies – it’s a clever idea to consider using a link like this in your cookie policy:

Don’t forget to have someone proofread your policy to make sure it makes sense, and yes, by all means get your clever legal folk to check it through… again…

You may be wondering… “How long is this going to take me?”

I think with a pint of tea, a slab of Hotel Chocolat’s Salted Caramel, and about 4 hours, it’s easily within your capability if you’re used to installing a blog on your website and you don’t mind getting your tech fingers dirty.

If you’d rather get help, please do not hesitate to contact us here… or phone 07500 834894.

Happy Cooking!

