On the 25th of May, the laws and regulations regarding cookies will change. The current Personal Data Protection Act will be replaced by the GDPR (General Data Protection Regulation). Every organization must draw up a new, clear privacy statement, in which full transparency is given about the use of personal data.

Personal Data Protection Act

The Personal Data Protection Act has been around for some time and indicates what is and is not allowed when collecting personal data. In May 2018, this law will be replaced.

The most important thing is that you inform the visitor briefly about what you are going to do with their personal data and how you collect it. The following information must be read in the short privacy statement that you post on your website:

  • The purpose for which information is collected and how long you keep this information;
  • How a visitor can object to the processing of their data;
  • That the visitor is entitled to file a complaint with the Authority for Personal Data;
  • State whether it is a legal, contractual obligation or necessary condition to include an agreement;
  • The privacy statement must be short, written in understandable language for the visitor and may not contain any unnecessary information.

So, make sure you pay attention to what information you request from your visitor and always ensure that it is clear for which purpose your visitors release their information.

GDPR compliance

E-Privacy Regulation: GDPR

The biggest change for visitors is that they have to indicate whether they accept or refuse cookies. This indicates internet users in the settings of their web browsers. In this way, the visitor only has to indicate once if he accepts the cookies. This applies directly to all websites. The e-privacy regulation states that the placing of cookies (tracking your visitors) is only permitted if you, as a website, adhere to the following conditions:

  • Only functional cookies may be used;
  • The analytical cookies, which are therefore connected to Google Analytics, may only be measured for own use. Sharing with third parties is forbidden;
  • The visitor is fully informed that his or her consent has been obtained.

The consequences of the GDPR

Companies that do not comply with the new GDPR may risk high fines. The maximum amount of the fine is £17,000,000 or 4% of the worldwide annual turnover (whichever is the highest amount).


Interested in a new website? Check out our web design packages, which are some of the most affordable in the East Midlands.

If you have a question, enquiry or want to start a project, get in touch and we will get back to you within 24 hours!