Cookies and your organisation: make sure you have a good cookie policy in place
A good cookie policy creates confidence among your visitors. Do you ask for consent for placing cookies in the correct manner?
On this page
Why is having a good cookie policy important for your organisation?
Many organisations use cookies on their website or app. Cookies may be useful, but may also affect the privacy of your visitors. That is why it is important to handle this with due care.
By being honest and clear about the use of cookies, you will gain the confidence of your visitors. This creates a better relationship with your visitors. By following the rules, you also prevent fines. The Dutch DPA is checking the correct use of cookies increasingly strictly. Reed more about this on the page This is how the Dutch DPA monitors the use of cookies.
What should you do as an organisation?
It is wise to take a good look at your cookie policy from time to time. The steps below can help you do this. You are also responsible for providing a clear cookie banner.
You do use the personal data?
Many organisations process personal data via their website, while the collected and processed data are never used. We would like to point out that information collected about visits to websites via cookies is regularly passed on to hundreds of third parties, both at home and abroad.
Do you know what can happen to this data next? Ask yourself the following questions:
- Do you really want all kinds of parties to use information about your website visitors?
- Have you investigated what kind of companies are involved and what they do with the information?
- Is this data safe with all these parties?
- Which legislation applies to those parties?
- Do you have a clear idea of what personal data are processed, for what purposes and which decisions are made on the basis of that data?
Any damage or loss is your responsibility
In addition to the risk of a penalty for violating the GDPR, you are responsible for any damage or loss caused to your visitors if their personal data are involved in a hack or data breach. Therefore, consider whether processing personal data outweighs the risks.
The benefits of not using (tracking) cookies
If you choose to no longer collect personal data from visitors to your website, you will of course no longer need to ask for permission and you can remove the cookie banner. By stopping the processing operation and deleting data already collected, you avoid violating the GDPR.
Alternatives
We would like to remind you of good alternatives for intrusive analytical applications and personalised ads. There are several services that keep statistics about your website without tracking your visitors across the Internet or creating detailed profiles of your visitors. Examples, if configured correctly, include Matomo, Apache Superset, Plausible Analytics and OpenPanel.
There are also alternatives to personalised ads, such as contextual ads. These advertisements do not violate the privacy of your website visitor. This is because contextual advertising does not look at the person visiting the website, but at the content of the web page. For example, an advertisement for a car in a message about cars. This prevents a profile from being built up of your website visitor and better protects their privacy.
DPIA
Do yo want to use cookies that are likely to result in a high privacy risk? Then you will have to carry out a DPIA. A DPIA is an instrument to map out the privacy rights of a processing in advance. By knowing what the risks are, your organisation can take measures to reduce these risks.
Ask for consent in the correct manner
You have to ask visitors of your website or app correctly for consent for placing cookies. You are only allowed to place functional or limited analytics cookies without consent. You can read more about the various types of cookies on the page What are cookies?
You have to ask correctly for consent for placing cookies. With a cookie banner you explain to visitors how their personal data are collected using cookies, and why. To help organisations get started, we highlight the nine most important aspects of cookie banners. Read more about this in: Clear cookie banners.
Make sure that visitors can refuse cookies without experiencing disadvantageous effects as a results. Refusing cookies should be just as easy as accepting them.
Provide information about which cookies you use
Explain clearly which types of cookies you use, and for what purpose. Mention this, for example, in your cookie statement or privacy statement. Make sure that these explanations are easy to find for visitors of your website or app. And that the explanations have been written in clear, understandable language.
Third parties
Do you share data with third parties? Then indicate which organisations these are and why you share these data.
Retention period and safe storage
Inform your visitors about the period during which your cookies remain active on their computer, telephone or other device. Also make sure you have appropriate security measures in place to protect the data of your visitors. For example, against theft or loss.
Professional advice
Do you have doubts about the cookie policy of your organisation? Seek professional advice then. This can help you prevent problems.