Cookie Policy

Cookies are small text files that are placed on the device of a visitor to a website. They are widely used to make websites work, or work more efficiently, as well as to provide information to the website’s owner. A cookie policy provides visitors to your website with details of the cookies being used on that website. The information about each cookie will typically include its name, provider, type, purpose, and duration (i.e. how long the cookie will stay on the user’s browser).

When should you use a Cookie Policy?

If your company uses cookies to gather information about visitors to your website, you are legally required to provide visitors with clear and comprehensive information about the purposes for which cookies are stored and accessed. This information must be provided in a way that the website user will see it when they first visit your webpage. The simplest way to do this is by using a cookie policy that is embedded in a “cookie banner” or pop-up, which appears when the user first visits the website. Although it is a standalone document, it should be used in conjunction with a privacy policy, which explains in further detail how your company collects, uses, stores, transfers, and secures personal data. 

Why is a Cookie Policy important and why should you use a Cookie Policy?

Where cookies can identify an individual, they are considered to be personal data. A cookie policy is therefore an important part of complying with the requirements of the UK General Data Protection Regulation (UK GDPR). It is also required to comply with associated data protection regulations that apply to all companies that handle personal data in the UK. 

There are large potential fines for failing to comply with the UK GDPR: the most serious violations can result in fines of up to 4% of global turnover of the preceding financial year or £17.5 million (whichever is greater), and other violations can result in fines of up to 2% of annual worldwide turnover of the preceding financial year or £8.75 million (whichever is greater).

What are the common pitfalls of a Cookie Policy?

The cookie policy must be specific to your website. Before drafting a cookie policy, you should therefore conduct a cookie audit to identify the cookies that your website uses and their purposes. This information should be detailed in the policy. 

The cookie policy must be clearly accessible on your website. The layout and type of website will therefore determine how the cookie policy is presented to a website user. If your website has large amounts of dense text, a link in the footer of the webpage will be far less visible and accessible (and therefore potentially not compliant with the requirements of data protection regulation) than a link in the footer of a brief webpage with minimal material. To ensure compliance in the first instance, consider placing the link to the cookie policy in the header of the website or using a cookie banner. 

There are a number of different types of cookies. Depending on the type of cookies used, a visitor to your website may need to consent to the use of the cookie. No consent is required for “essential” or “strictly necessary” cookies. These are cookies that help make the website useable by enabling basic functions and without which the website would not be able to function properly. Other cookies can only be used with the visitor’s consent. These include preference cookies, which enable a website to remember information that changes how the website behaves or looks, and marketing cookies, which track visitors across websites with a view to providing adverts that are relevant or engaging to the individual visitor. The consent must be freely given, specific, informed and an unambiguous indication of the data subject's wishes. The consent must also be demonstrable and given through clear affirmative action. Scrolling or swiping through a webpage or similar user activity will not under any circumstances satisfy the requirement of a clear and affirmative action.


Access all the templates you need with PocketLaw. Save time and reduce risk by leveraging our extensive library of 130+ templates, which are developed by qualified lawyers.

Ready to get started? Create your cookie policy in minutes. PocketLaw offers a platform with legal documents, guidance and a clever contract management system, as well as access to partner law firms where bespoke advice is needed. All legal you need to grow your business and drive it forward.


Enterprise ready.

ISO 27001 certified and GDPR compliant. Data encrypted at rest with AES 256 and in transit with TLS 1.2+.
