What does that mean for you? It means ensuring you’re compliant with the new law and avoiding a potential fine of up to £500,000.
You have my attention, but what’s a cookie?
In technology terms, a cookie is file which gets downloaded on to a device when a user accesses your site. Cookies allow a website to recognise a user’s device and store information, which can be used to analyse customer behaviours, this can be anything from log-in details and browsing history, to shopping cart contents.
So what’s changed and why does this apply to me?
In a nutshell, it used to be enough just to state somewhere on your website how you used cookies, and the steps customers could take to remove or stop them. Under the new regulations, you now have to actively seek out permission from the user to store cookies on their device, be it mobile or desktop.
The majority of cookies are simply used to ‘remember’ information about customers, but businesses must now take steps to audit their cookie usage to understand and categorise them according to their level of penetration.
OK then, so where do I start?
The best way of doing this is to ensure you have an expert, who has the tools and techniques to:
- Identify and analyse what type of cookies you are using, your current policies for obtaining consent from your customers and how you are using them
- Grade your cookies as essential, non-essential and non-intrusive, non-essential and intrusive, or obsolete
- Produce a cookie usage audit report – this will outline what each cookie is for, how intrusive it is, whether it is first or third party, how to get more information on it, and what to do about it
- Produce a cookie usage statement to add in to website’s privacy section – this will outline what each cookie is for and how to get more information on it
- Give general advice on how to ensure your website is compliant with the ICO directive as defined at the time of the audit
So I’ve done my audit. What now?
Well, first of all, don’t panic. The government recognises that with this kind of change in the law, a ‘phased’ approach must be taken before it can be enforced.
If for any reason a complaint about cookie usage was levelled against your business, you will be able to demonstrate with the results of your audit, that you have understood the change in the law, and are taking steps to ensure you become compliant with it.
The Government is giving leeway of a year to implement changes to websites, but it’s vital for any business to begin the auditing process immediately to satisfy the initial requirements of the new law.