In recent years, cookie compliance awareness has been raised and for good reasons, as the advent of data privacy laws such as the GDPR regulates cookie usage worldwide. Keep reading for a short introduction to cookies and the GDPR.

What are cookies?

Cookies are small text files containing information about website visitors. Upon visiting a website, a cookie is placed in the visitor’s browser by the website. The information stored can be anything from language settings or location to personal information such as political beliefs and sexual orientation.

Cookies were invented in the early 90’s and were named after the real-life fortune cookies. The reason for this is because the technology is also a structure containing a message similar to the pastry.

Nearly every website runs on cookies and a cookie checker tool can help you get an overview of active cookies on your website. While some cookies are essential for a website to function properly, other cookies are in use because of sales and marketing purposes. Cookies can be divided into four categories:

Necessary cookies. These cookies are required to enable basic functions on a website.

Preference cookies. These cookies remember your preferred settings, e.g., language, currency etc.

Statistics cookies. These cookies anonymously collect and report information about website visitors.

Marketing cookies. These cookies are used to track website visitors across domains for advertising purposes.

Although cookies can collect and contain sensitive data, the technology is in itself not an evil technology, as all it does is gather and store information. What is concerning is the potential damage one can do with the data in addition to the moral implications of possessing such data. This is why the General Data Protection Regulation (GDPR) was created.

What is the GDPR?

On May 25^th, 2018, the most significant data protection initiative in 20 years was enforced. The GDPR is an EU-wide data law that regulates how businesses and organizations handle personal data from end users located within the borders of the European Union.

The GDPR demands transparency and that end users are given control over how their data is used. Non-compliance can result in severe fines of up to €20 million or 4% of the global yearly turnover, whichever is higher.

This means that website owners that have visitors from inside the EU, whether intentional or not, are required to adhere to the strict regulations of the GDPR. This includes:

• Keeping record of and monitoring personal data processing activities
• Gaining and recording user consent before data collecting activities begin
• Accommodating users’ right of data portability, right of data access and right to be forgotten

The purpose of the GDPR is clearly to protect end users and to hold businesses and organizations accountable for their data handling procedures. In the past, businesses and organizations rarely faced consequences even though their data handling processes were faulty thus resulting in data breaches.

But the tide has changed with the enforcement of the GDPR. E.g., if you have detected a data breach, you are required to meet the GDPR’s 72 hour-deadline for notification or face strict consequences.