Cookies were a big topic even before the GDPR was adopted. Nevertheless, since the introduction of the General Data Protection Regulation in March 2018, operators of websites, blogs and online shops have had to take a closer look at whether they are actually acting in compliance with the law. Note: This article is not a substitute for professional legal advice and I make no claim to completeness. Please check for your individual case whether further procedures are necessary to ensure that your site fully complies with the GDPR guidelines.
A simple hint is not enough!
Despite the attention that the regulation has received in recent years and the foreseeable penalties if website owners behave unlawfully, we keep coming across websites without legally compliant cookie banners.
A small banner saying "This website uses cookies. By continuing to use this website, you agree to this" is an absolute disaster for website owners. The same applies to banners that have an "Accept all cookies" button but do not offer the option of explicitly refusing their use! In many cases, cookies are even set as soon as the page is accessed, before the visitor has clicked any button. However, the function of a cookie banner or consent management system should be to prevent all scripts from loading until the visitor has clicked on the "Accept all" or "Accept only necessary cookies" button.
How to check whether and which cookies have been set
With your browser, you can easily check whether and when a site (including your own) sets cookies and forwards your data to other services. The following steps use Google Chrome as an example.
- Open any web page
- Right-click > "Inspect"
- Open the menu item "Application" or "App"
- There you can go to "Cookies" in the menu on the left and find the cookies that are set
If you have already visited the site, you can delete the data stored by this website under the menu item "Clear Storage". Then reload the page and look at the menu item "Cookies" to see which cookies the loaded scripts have set. You will usually find "_ga", a cookie that is set for Google Analytics, or "_fbp", which belongs to the so-called Facebook pixel. With the help of these cookies, the site operators receive more information about you. However, the automatic anonymisation of visitors' IP addresses is a legal prerequisite. This means that information such as age group or geographical origin cannot be traced.
In the best case, no entries appear in your cookie menu when you reload the page until you have clicked on "Accept cookies" in the cookie banner. Furthermore, you must have the option to accept "only necessary cookies". These belong to scripts that have to be loaded so that the page itself functions properly. This category can include, for example, the shopping basket of an online shop, which keeps the products you have selected for purchase in memory for the duration of your session.
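The manual check above can also be scripted. The following is an added example, not part of the original article: it classifies the cookies visible before any banner click, using the two cookie names mentioned above. The `cart_session` allowlist entry, the `_ga_` prefix rule and the sample string are assumptions made for illustration.

```javascript
// Added example. Paste into the DevTools console after clearing storage and
// reloading, before touching the banner. Note: document.cookie does not list
// HttpOnly cookies; the "Application" tab does.

// Name patterns for the two trackers named in the article. The "_ga_" prefix
// rule is an assumption added here to cover per-property Analytics cookies.
const TRACKER_PATTERNS = [
  { label: "Google Analytics", test: (n) => n === "_ga" || n.startsWith("_ga_") },
  { label: "Facebook pixel", test: (n) => n === "_fbp" },
];

// Parse a document.cookie-style string ("a=1; b=2") into a list of names.
function cookieNames(cookieString) {
  return cookieString
    .split(";")
    .map((pair) => pair.trim())
    .filter((pair) => pair.length > 0)
    .map((pair) => {
      const eq = pair.indexOf("="); // values may themselves contain "="
      return eq === -1 ? pair : pair.slice(0, eq);
    });
}

// Classify cookies present before consent. `necessary` is the site's own
// allowlist of strictly necessary cookie names (hypothetical values below).
function auditPreConsent(cookieString, necessary = []) {
  const report = { trackers: [], unexpected: [], necessary: [] };
  for (const name of cookieNames(cookieString)) {
    const hit = TRACKER_PATTERNS.find((p) => p.test(name));
    if (hit) report.trackers.push({ name, label: hit.label });
    else if (necessary.includes(name)) report.necessary.push(name);
    else report.unexpected.push(name);
  }
  // Compliant state before consent: nothing except allowlisted cookies.
  report.ok = report.trackers.length === 0 && report.unexpected.length === 0;
  return report;
}

// Constructed sample: what a non-compliant page might show before any click.
const SAMPLE =
  "_ga=GA1.1.1111111111.1700000000; cart_session=abc=def; _fbp=fb.1.1700000000000.1234567890";
console.log(auditPreConsent(SAMPLE, ["cart_session"]));
// In the browser: auditPreConsent(document.cookie, ["cart_session"])
```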
Where can I get a GDPR-compliant cookie banner for my website?
There are several cookie banner generators on the German market and the scripts can cost up to €100 per month. Don't worry, they are usually also available for around €10 with monthly billing. Cookiebot.com, a Danish provider of cookie consent banners, even offers a free version. So if you are just starting your website, blog or shop and want to keep your monthly expenses low, this is a wonderful opportunity. Of course, you have to make a few compromises in terms of use. For example, the banner cannot be changed visually (apart from the positioning). At the same time, it can only be activated for a single domain. But you get a free cookie banner generator.
Setting up the cookie banner
After registering with Cookiebot.com, you have the option of entering your domain in the settings menu. With the free version, as already described, it is only possible to enter a single domain for the cookie banner. The scan frequency is "monthly" by default. This means that Cookiebot scans your website for new scripts every month and blocks them until the visitor has clicked on the "Accept all" button in the cookie banner.
In the "Dialog box" tab, you have the option of specifying whether the banner is displayed at the top, bottom or as a pop-up. The cookies are categorized within the banner into "Preferences", "Marketing" and "Statistics". The user has the option of manually selecting which cookies should be loaded. It is absolutely necessary that none of the checkboxes are preselected. In the "Content" tab, you can customize the texts of the banner.
The interesting part comes in the "Scripts" tab, because then it's all about integrating the banner. First of all, the blocking of cookies should be set to "Automatic". This ensures that all stored cookies are automatically blocked until the cookies have been accepted.
You integrate the first of the two scripts in the HEAD tag of your website. Make sure that this script is always positioned and loaded before all other cookie scripts. This is the only way the banner can actually block them. The integration differs depending on which system your website or online store is based on. In WordPress, for example, you can integrate the script directly in the theme editor in header.php. If this is too complicated for you, use a plugin such as "Insert Headers and Footers".
In Webflow CMS, the script can be integrated in the "Project Settings" area under the "Custom Code" tab. Copy the source code into the "Head Code" field. Attention: If you have stored your Google Tracking and Facebook Pixel ID in the "Integrations" tab, these will be loaded before the cookie banner script and therefore not blocked! Delete your IDs from the corresponding fields and add the integration scripts for Google and Facebook in the "Custom Code" tab under the cookie banner script.
The second script that Cookiebot makes available to you is the listing of the cookies that exist on your site. This must be included in the section of your privacy policy.
Once you have integrated the scripts, you can reopen your page in the browser and check whether and when your cookies are loaded using the method explained above. If there are cookies that the automatic scan of Cookiebot has not detected, you can add them manually in your Cookiebot Dashboard.
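The ordering rule for the HEAD tag can be checked on the page source as well. The following is an added example, not code from Cookiebot or from the original article: it lists the scripts in document order and reports any tracker that appears before the consent script, which is the Webflow "Integrations" pitfall described above. The host names and both sample HEAD fragments are assumptions constructed for illustration.

```javascript
// Added example. Host names are assumptions about where the consent script
// and the Google/Facebook trackers are served from.
const CONSENT_HOST = "consent.cookiebot.com";
const TRACKER_HOSTS = ["www.googletagmanager.com", "www.google-analytics.com", "connect.facebook.net"];

// List every <script> in document order with its src (if any) and inline body.
function listScripts(html) {
  const re = /<script\b([^>]*)>([\s\S]*?)<\/script>/gi;
  const scripts = [];
  let m;
  while ((m = re.exec(html)) !== null) {
    const src = /\bsrc\s*=\s*["']([^"']+)["']/i.exec(m[1]);
    scripts.push({ index: scripts.length, src: src ? src[1] : null, body: m[2] });
  }
  return scripts;
}

// A script counts as a tracker if its src or its inline body names a tracker host.
function trackerHost(script) {
  const haystack = (script.src || "") + " " + script.body;
  return TRACKER_HOSTS.find((h) => haystack.includes(h)) || null;
}

// Report trackers that appear before the consent script (or with none present).
function checkLoadOrder(html) {
  const scripts = listScripts(html);
  const consent = scripts.find((s) => s.src && s.src.includes(CONSENT_HOST));
  const consentIndex = consent ? consent.index : Infinity;
  const early = scripts
    .map((s) => ({ index: s.index, host: trackerHost(s) }))
    .filter((s) => s.host && s.index < consentIndex);
  return { consentFound: Boolean(consent), early, ok: Boolean(consent) && early.length === 0 };
}

// Constructed sample: a tracking tag injected ahead of the banner script.
const BAD_HEAD = `
<head>
  <script async src="https://www.googletagmanager.com/gtag/js?id=G-EXAMPLE"></script>
  <script src="https://consent.cookiebot.com/uc.js" data-cbid="PLACEHOLDER"></script>
  <script>/* pixel loader */ load("https://connect.facebook.net/en_US/fbevents.js");</script>
</head>`;
// Constructed sample: banner script first, trackers after it.
const GOOD_HEAD = `
<head>
  <script src="https://consent.cookiebot.com/uc.js" data-cbid="PLACEHOLDER"></script>
  <script async src="https://www.googletagmanager.com/gtag/js?id=G-EXAMPLE"></script>
</head>`;

console.log(checkLoadOrder(BAD_HEAD), checkLoadOrder(GOOD_HEAD));
```

This only checks static order in the delivered HTML; the browser check for cookies before consent remains the decisive test.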
Conclusion
Cookie banners that comply with the GDPR have never been more important and will continue to be so. Illegal cookie banners will sooner or later have consequences for the respective operators, so it is important to draw attention to this. The integration via third-party tools is kept simple and can be done relatively quickly. And as you can see in this example, there are also free ways and means.
🎧 Podcast tip: What does the future of tracking, cookies and privacy look like?
In episode #129 of the VisualMakers Podcast, we spoke to the Director Product of Usercentrics/Cookiebot. In it, he tells us how cookies actually work, why every company should have a consent management system and what Privacy First Design is.