
How to achieve GDPR compliance for your cookie policy and cookie permissions?

Leen Penders

There are plenty of websites that try to obtain cookie consent from their visitors in a way that is both incorrect and unlawful. The owners of these websites risk severe penalties: after an initial grace period, most EU countries started to impose fines for non-compliance much more actively. In Belgium, a website providing legal advice ironically had the dubious honour of being the first to be forced to pay up the round sum of 15.000 euros for violating the GDPR. Is your website GDPR-compliant yet?

According to research, fewer than 12 percent of websites are fully compliant with cookie-related GDPR regulations. Nearly nine out of ten of the websites surveyed are in violation of the regulations and do not meet the minimum standards set by law.
 

Cookie disclaimers: a thing of the past

Previously, it sufficed to inform your website visitors of cookies and data recording if they used your website. A simple cookie disclaimer would be enough for this purpose. It was up to your visitors to decide whether or not to continue browsing your website - the so-called principle of implied consent.

Today, this approach is no longer sufficient to be GDPR-compliant. Regulations require you to present your visitors with an overview of all the different kinds of cookies that your website tracks. In addition, users should be presented with the option to indicate the types of cookies they consent to.

Cookie (consent) banners are the way forward to ensure privacy for your website visitors. This technology allows your visitors to specify what types of cookies and tracking they consent to when visiting your website. This way, you can rest assured that your website is in full compliance with GDPR regulations - as long as your cookie banner is set up correctly. However, this does not always turn out to be an easy task! In this blog post, we’ll help you to get started.
 

What types of cookies are there and what are their functions?

One of the key elements of cookie consent is a visitor’s control of the types of cookies that websites are allowed to use. We can distinguish the following types of cookies:

  • Essential cookies are strictly necessary to ensure a website’s functionality.
     
  • Functional cookies store information on a user’s device to directly improve their user experience. For example, a functional cookie may be used to store a visitor’s language preference or login details, which helps to sign them in automatically.

You are not required to obtain consent from your website visitors for the use of essential and functional cookies.

  • Analytical cookies provide additional insight into the way your website is used. Which pages are being visited? When do visitors leave your website? What are the most effective buttons? Google Analytics is one of the main tools that relies on analytical cookies. You can use the data they collect to improve your website and its overall user experience.
     
  • Marketing or tracking cookies capture the browsing behaviour of your website visitors and use it to create a visitor profile. This profile can be used to personalize the browsing experience. In addition, they allow personalized advertisements.
     
  • Social sharing cookies ensure the best possible interaction between your website and related social media plug-ins.

For these kinds of cookies, as well as for the related data collection, you are required to obtain consent from your website visitors.

The categorization of your cookies should be assessed on a case-by-case basis. The first step consists of mapping the types of cookies that your website uses. Next, you can set a specific category for every type of cookie.

 

How to make your Drupal site GDPR-compliant?

One thing is for sure: your website visitors have to provide their consent for lawful collection of personal data. This consent should be "freely given, specific and informed". The same principle applies to cookies. 

To make your website compliant with GDPR regulations, you should start as follows:

Cookie policy

As we’ve mentioned before, the categorization of your cookies should be assessed on a case-by-case basis. The first step consists of mapping the types of cookies that your website uses. Next, you can set a specific category for every type of cookie. This forms the basis of your cookie policy.

In addition, your cookie policy should clearly indicate the reason why you use certain types of cookies, how long they will be stored for, and how visitors can erase or disable them. You should also clearly mention how you process your visitors’ data, whether this processing takes place within your own organization, if this happens anonymously, as well as the measures you have put in place to ensure confidentiality. You should also make sure that visitors can easily get in touch with you for extra information - therefore, always provide the details and contact information of your organization.

We recommend that you dedicate a separate page to your cookie policy, which you can refer to through your cookie banners.

Cookie banner implementation

Next up is the implementation of cookie banners on your website. You can use an existing Drupal module or a third-party solution. The implementation involves displaying the cookie banner immediately upon a user’s first visit to your website. You are required to respect your visitors’ cookie preferences and remember them for future visits.

An alternative to the embedded Drupal module is the use of a third-party solution in the form of an external tool that generates a cookie consent pop-up for your website. This solution has some drawbacks, however. Most third-party tools of this nature require you to sign up for a subscription service, priced according to your website’s page view numbers. On top of this, external tools often lack the personalization capabilities that organizations need to adjust the pop-up to their branding.

Support for multiple languages often proves to be yet another hurdle. External pop-ups typically adjust to the browser language, instead of the website language. A final issue is compatibility with other website scripts, such as YouTube or social media widgets. These scripts often start using cookies before the cookie banner is displayed.
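
Whether scripts set cookies before consent can be checked mechanically. The following JavaScript is an added example, not code from the Drupal module: it audits the cookies present after a page load against a cookie inventory and the visitor's stored preference. Only the five category names come from this article; the inventory entries, the cookie names and the "cookie_consent" preference format are constructed assumptions.

```javascript
// Added example: inventory, cookie names and "cookie_consent" format are assumptions.
const NO_CONSENT_NEEDED = new Set(["essential", "functional"]);

// Cookie inventory from the mapping step: cookie name (or prefix*) -> category.
const INVENTORY = {
  "SESS*": "essential",
  "lang": "functional",
  "_ga*": "analytical",
  "_fbp": "marketing",
  "share_widget": "social",
};

// Resolve a cookie name to its category; cookies not in the inventory give null.
function categoryOf(name, inventory = INVENTORY) {
  for (const [pattern, category] of Object.entries(inventory)) {
    const match = pattern.endsWith("*")
      ? name.startsWith(pattern.slice(0, -1))
      : name === pattern;
    if (match) return category;
  }
  return null;
}

// Read the stored preference, e.g. "cookie_consent=analytical%2Csocial".
// A missing or malformed value counts as a first visit: exempt categories only.
function consentedCategories(cookieHeader) {
  const pref = (cookieHeader || "").split(";").map((p) => p.trim())
    .find((p) => p.startsWith("cookie_consent="));
  let chosen = [];
  try {
    if (pref) chosen = decodeURIComponent(pref.slice("cookie_consent=".length)).split(",");
  } catch (e) { /* malformed value: treat as no consent given */ }
  return new Set([...NO_CONSENT_NEEDED, ...chosen.filter(Boolean)]);
}

// Audit the cookies seen after a page load (document.cookie or a Cookie header).
// Returns every cookie that should not be there: uncategorized or not consented.
function auditCookies(cookieHeader) {
  const allowed = consentedCategories(cookieHeader);
  const findings = [];
  for (const part of (cookieHeader || "").split(";")) {
    const name = part.trim().split("=")[0];
    if (!name || name === "cookie_consent") continue;
    const category = categoryOf(name);
    if (category === null) findings.push({ name, reason: "uncategorized" });
    else if (!allowed.has(category)) findings.push({ name, reason: `no consent for ${category}` });
  }
  return findings;
}
```

Run auditCookies on the cookie string captured from a fresh browser profile before touching the banner: any finding means a script set a cookie ahead of consent or the inventory is incomplete.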
 

Dropsolid puts its weight behind Drupal’s Cookie Compliance Module

The Drupal community had previously designed a number of cookie notification solutions, next to a separate CookieConsent initiative. Rather than developing an entirely new tool, Dropsolid decided to go all in on CookieConsent and help towards building a future-proof cookie solution for Drupal 7, 8 and 9.

The Dropsolid team improved the existing module, adding support for additional languages, a free choice of categories, and allowing for Google Tag Manager integration. In addition, the team added a range of minor improvements - something which we are committed to keeping up.
 

Cookie banner flow




The Drupal Cookie Compliance Module provides the following features: 

  • Multilingual support for the cookie consent interface and its descriptions, using a language switch on the website.
     
  • No cookies will be loaded during a first-time visit until a website visitor provides their explicit consent.
     
  • The option for visitors to change their cookie preferences.
     
  • Configuration options to set the storage time for users’ cookie preference choices.
     
  • Design that can be adjusted to your branding.  
     
  • A building block that allows the video paragraph to be made GDPR-proof.
     
  • A WYSIWYG editor filter for Drupal 8 websites, enabling automatic GDPR compliance for iframes.
     
  • Google Tag Manager (GTM) integration. GTM is a leading service designed by Google that offers an interface for the management of external scripts. GTM can be used to categorize cookies and pass on the relevant information to Drupal, so the correct cookies can be matched with visitors’ preferences.

 
