I hope you are done with the panicking stage of reacting to the upcoming GDPR changes and over to working on ways to become compliant. Personally, I have my moments. Most of the time I am pretty confident about how to tackle the changes brought by the GDPR, but there are still some panicking / tantrum moments.

Lately I’ve been into seeking for solutions about how to tackle Cookie Consent and GDPR.

I believe that in an ideal world this would be a GREAT fit for Google Tag Manager. To provide a solution within the product itself, for developers, marketers and business owners on how to manage Cookie Consent. Then, we would all load third party tools via Tag Manager, all our external tools would be organized in 1 place, developers and marketers would not fight anymore and there would be one way — one standard on how cookies should be managed.

But… even though I love Google they do not seem to have the same priorities as I would expect 🙄. Classic relationship. What to do. 🤷‍

OK, enough of nagging, back to reality. In the GDPR, we see cookies mentioned in Recital 30, which states:

NATURAL PERSONS MAY BE ASSOCIATED WITH ONLINE IDENTIFIERS…SUCH AS INTERNET PROTOCOL ADDRESSES, COOKIE IDENTIFIERS OR OTHER IDENTIFIERS…. THIS MAY LEAVE TRACES WHICH, IN PARTICULAR WHEN COMBINED WITH UNIQUE IDENTIFIERS AND OTHER INFORMATION RECEIVED BY THE SERVERS, MAY BE USED TO CREATE PROFILES OF THE NATURAL PERSONS AND IDENTIFY THEM.

To cut the long story short: when cookies can identify an individual via their device, it is considered personal data.

Not all cookies are used in a way that could identify users, but most are and will be subject to the GDPR. This includes cookies for analytics, advertising and functional services, such as widgets, survey, forms and chat tools.

Organizations must now find a way to use cookies in a lawful way. Implied consent or opt-out is no longer sufficient. The visitor needs to give a clear affirmative action (for example by clicking an opt-in box or change settings).

Even if we do manage to get the consent as required by GDPR, visitors must also be able to withdraw consent or opt-out at any given moment. That must also be dead simple for the visitor.

Now… how will we implement this easily on websites? I’ve done a bit of research to see what is out there. HOWEVER before I proceed with demonstrating the tools I’ve discovered let me tell you 1 thing.

REMEMBER THE BRAVEHEART MOVIE?

I remember very clearly the “Hold” scene. You could feel the tension as the horses drew nearer all the while William Wallace shouts, “HOLD… HOLD… HOLD.”

Well.. even though I am not a last minute person, I believe that in this case I would suggest (or at least this is what I am doing) you HOOOOOOLD before adding a cookie consent control to your website.

I mean there must be an easy standard on it’s way to sort this out for us (or am I dreaming).

Anyway for those that do not want to hold here is what I’ve discovered up to now.