Back to main menu

Cookie consent checklist and GDPR

What is GDPR cookie consent ?

Provide accurate and specific information about the data on each cookie tracks

1 – Asking for consent

  • Check that consent is the most appropriate lawful basis for processing.

  • Make request for consent prominent and separate from terms and conditions.

  • Ask people to positively opt in.

  • Don’t use pre-ticket boxes, or any other type of consent by default.

  • Do use clear, plain language that is easy to understand.

  • Specify why you want the data and what you’re going to do with it.

  • Give granular options to consent to independent processing operations.

  • Name your organisation and any third parties.

  • Tell individuals they can easily withdraw their consent.

  • Ensure that the individual can refuse consent without detriment.

  • Don’t make consent a precondition of a service.

  • Seek consent with age-verification and parental-consent measures if offering online services directly to children.


2- Recording consent

  • Keep a record of when and how we got consent from the individual.

  • Keep a record of exactly what they were told at the time.

3- Managing consent

  • Review consents regularly to check that the relationship, the processing and the purposes have not changed.

  • Implement processes to refresh consent at appropriate intervals, including any parental consents.

  • Consider using privacy dashboards or other preference management tools as a matter of good practice.

  • Make it easy for individuals to withdraw their consent at any time, and publicise how to do so.

  • Act on withdrawals of consent as soon as possible. .

  • Don’t penalise individuals who wish to withdraw consent.

Back to GDPR summary.