Is your website breaking the law?
From 26th May 2012, all UK companies need to have implemented a way to obtain opt-in consent before placing cookies, or similar tracking technologies, on a user’s device, under a new ruling made under the Privacy and Electronic Communications Regulations. Companies that are not compliant risk fines of up to £500,000 from the Information Commissioner’s Office (ICO).


What is a cookie?

Also known as browser cookies or tracking cookies, cookies are small, often encrypted text files, located in browser directories. They are used to help web users navigate websites efficiently and perform certain functions, such as remembering payment details, purchase preferences or tracking visitor activity on platforms such as Google Analytics.

How have things changed?

Rather than hiding behind an opt-out option for website visitors (applying cookies unless the user complains), websites will need to specifically gain the consent of their visitors. Visitors must opt in from the outset before cookies can be stored on their computer or other devices. The exemptions are few and far between, so make sure you are compliant.

What you should do

  1. Update your privacy policy: Explain what cookies/tracking devices you use on the site, why you use them and how users can both provide and withdraw consent (if you are using email marketing, the advice is less clear; see "email and the cookies law")
  2. Educate your team: Inform and mobilise key staff members (legal and compliance, customer-facing colleagues, IT department, CRM and web managers, marketing team) about the change in legislation
  3. Undertake a cookie audit: Check what types of cookies you use and identify all your websites and other places where cookies might be used (e.g. mobile sites, iPad apps, etc.)
  4. Gauge the intrusiveness of each cookie: Assess your cookies against an intrusiveness scale and categorise each cookie to help identify any that may be no longer required. Categories could include: strictly necessary, necessary, performance-related, function and target
  5. Obtain consent: Choose the best method of obtaining consent to use cookies from users of your site and implement it; you could consider a pop-up box, landing page, homepage holder, banner, scrolling text, tick boxes or a terms and conditions alert. Econsultancy have recently published a blog post with some example techniques
  6. Develop and test: Once your method is live, obtain some end-user feedback on the experience, looking at ease of use and clarity. Check you have used user-friendly language and the correct tone for your audience

Still got some questions?

The ICO have answered some of your FAQs in a video, summarising how you can comply and the approach the ICO is taking to enforcement.



How we can help

The responsibility for cookie compliance rests with the owner of the website. However, if you have a website built on our i.content content management system, we can help.

0845 862 5522

For £395 we can ensure you stay on the right side of the law with our bespoke cookies pack, which includes a cookie audit, a homepage holder and advice on wording for your privacy policy.

As the Head of Digital Marketing, Matt is responsible for creating the sales and marketing strategy for Itineris.
