- Can I set third-party cookies on my website?
- What other data protection policies does my business need?
- Fill in a short questionnaire
Cookies which are strictly necessary for you to do something that the user has asked for are exempt from the need to get active consent. For example, cookies to remember what a user has put in a shopping basket will not require consent.
For full guidance on how to make sure your website is legally compliant, see Checklist of information to include to ensure your website is legally compliant.
If your website allows third parties to set cookies on your users’ devices (eg from an advertising network), you must inform your users and obtain their consent first. This responsibility lies with both you and the third party so you will need to liaise with them to ensure that your obligations are met.
Breaches of data protection law can be costly for your business; in the worst case scenario, you could be fined up to £17.5 million or 4% of your global annual turnover and face serious reputational damage.
What other data protection policies does my business need?
Data protection compliance doesn’t start and end with cookies notices. To find out what other policies you’ll need to put into place, see our guide on GDPR policy templates. Importantly, cookie policies come hand in hand with privacy policies on a website or app; for access to a customisable template and to find out more, see our guide to privacy policies.
Before joining Sparqa Legal as a Senior Legal Editor in 2017, Frankie spent five years training and practising as a corporate disputes and investigations lawyer at leading international law firm Hogan Lovells. As legal insights lead, Frankie regularly contributes to Sparqa Legal’s blog, writing content across employment law, data protection, disputes and more.