GDPR-Compliant Guidance on UK Cookie Law

Cookie Law Guidance Notes (GDPR-Ready)


The group of laws often collectively referred to as “Cookie Law” is currently comprised of the Privacy and Electronic Communications (EC Directive) Regulations 2003 and the EU General Data Protection Regulation – the GDPR, which came into force on 25 May 2018. Anyone operating a website in the EU must obtain users’ consent to the use of all but “strictly necessary” cookies and similar technologies (i.e. those which a website requires in order to function correctly).

These Cookie Law Guidance Notes address the important privacy and consent requirements imposed on website owners operating websites within the EU and provide practical guidance for compliance. In line with the GDPR, this guide addresses key improvements in the law governing privacy and data protection, particularly the broader definition of “personal data” and the increased importance of obtaining individuals’ consent.

Providing clear, detailed information about your use of cookies and related technologies is very important, as is offering users real control over your cookies. In these Guidance Notes we show you some useful examples of how this can be achieved.

Brief reference is also made in the guide to the (currently draft) EU ePrivacy Regulation. This was planned to enter into force on 25 May 2018 alongside the GDPR, but has not. Consequently, the PECR remain in place. These Guidance Notes will be updated as and when more information about the ePrivacy Regulation becomes available.

This document is also available in the Website Terms & Conditions group under Website Privacy Policies.

Once you have purchased access to the appropriate document folder click on the “Download Document” link below. You will be asked what you want to do with the file. It is recommended that you save the document to a location of your choice prior to viewing.