The GDPR Cookies Policy
When you visit a website, it asks your computer or mobile device to accept a cookie. The cookie is a very small piece of data which lets the website remember you and your actions. This helps identify browsing trends and patterns.
Cookies, then:
- Help businesses show customers relevant ads
- Let websites remember someone's unique preferences, which improves the visitor experience
- Identify a user
- Cookies are a powerful marketing and commercial tool, and businesses rely on them.
The General Data Protection Regulation (GDPR) affect a website owner may use cookies and online tracking of visitors.
The GDPR is the most comprehensive data protection legislation that has been passed by any governing body to this point
Cookies, insofar as they are used to identify users, qualify as personal data and are therefore subject to the GDPR. Companies do have a right to process their users’ data as long as they receive consent or if they have a legitimate interest.
In short: when cookies can identify an individual via their device, it is considered personal data.
In simple terms, the GDPR has reformed how businesses handle and process data. It replaces earlier data protection rules which weren't designed to cope with today's digitalized world, and the amount of data we share online.
Natural persons may be associated with online identifiers provided by their devices, applications, tools and protocols, such as internet protocol addresses, cookie identifiers or other identifiers when combined with unique identifiers and other information received by the servers, may be used to create profiles of the natural persons and identify them.
Because cookies can be used to identify an individual, they are subject to the six principles of processing personal data outlined in the GDPR:
Personal data must be processed lawfully, fairly, and transparently.
Personal data must be collected and processed only for specific and legitimate purposes.
Data collection should be minimized (only collect what is necessary for your stated purposes).
Accuracy of personal data should be ensured, and timely efforts should be made to rectify incorrect data (or to comply with other data management requests).
Data should only be stored as long as necessary to fulfill its designated purpose.
Appropriate security measures need to be in place when processing data.
You might be wondering why we need the GDPR. The reality is that companies need some customer data to run their business. Consumers, however, want more control over their own information. The GDPR supports this right to privacy while reflecting business realities.
A person has the right to revoke consent at any time. If someone decides they don't want you handling or storing their data any longer, you must comply. This is in line with general EU principles of transparency, fairness, individual control, and decision-making based on full knowledge of the facts.
The GDPR doesn't simply apply to any data. It covers what's known as personal data. Personal data is, put simply, any data which identifies someone or can be used to identify someone. It can be something as obvious as a name, or something less obvious like an IP address or a pseudonym.