All website owners—whether individuals, companies, public organizations, or corporations—must comply with the new guidelines from the Privacy Guarantor. This requirement applies even to inactive sites or those that haven’t been updated in months or years.
What are the main changes?
To comply with GDPR principles and privacy by design, websites can no longer pre-install cookies other than strictly technical ones. All profiling cookies must be blocked by default and can be activated only after the user’s explicit consent.
Consent collection has also changed:
- Passive actions such as scrolling are no longer valid for consent.
- Consent must be given explicitly, either with “Accept All” or through granular choices that allow users to accept or reject each individual cookie—not just whole categories like “statistics” or “marketing.”
- “Accept All” and “Reject All” options can be used for quick choices, but there must always be a customization option.
- Users must be able to change their preferences at any time.
What are profiling and third-party cookies?
Profiling cookies are used to track individuals, actions, or behavior—often for marketing and measuring KPIs in campaigns, as done by Facebook, LinkedIn, or Google. Even tools such as chat, messaging, or maps may collect user data. Explicit user consent is always required.
Activating cookies without user permission is a violation.
How should the banner look?
The banner must be properly sized for the user’s device, avoid hindering navigation (no “cookie walls”), and include:
- A link to extended privacy disclosures
- Buttons to accept, customize, or reject cookies
- An “X” button in the top right, to close the banner and explicitly refuse profiling or third-party cookies
Is a cookie consent log required?
A cookie consent log is not required.
A registry typically means saving choices sequentially over time.
According to the Guarantor, you must record the user’s current choice, but do not need to keep an ongoing log—just ensure the user’s choices are remembered for up to six months. Requests for consent should not repeat more frequently than this.
What risks do I face?
Risks are significant: fines can reach €20 million or 4% of annual turnover (whichever is higher), especially for illegal data transfers or noncompliance with regulatory orders.
Compliance is complex. Even seemingly “legitimate” solutions may fall short, leading inadvertently to costly mistakes or violations.
How can you help me be compliant?
We offer a WordPress plugin, My Agile Privacy, designed to ensure compliance with these new privacy regulations.
Key features include:
- Designed specifically for European regulations
- Hosted on your own website—no page view costs
- Fully customizable to your needs
- Comes with a default cookie list (expandable as needed)
- You can modify the default disclosures to fit your requirements
- Fast, dedicated support (response within 24/48 hours)
- Extensively tested on thousands of websites, including E-Commerce
Try a live demo on our website or the very site you’re visiting.
"How does your plugin handle the preference log?"
Our plugin tracks user choices using a technical cookie. These are stored for six months from the user’s first access or last update, then deleted—no historical record is kept. The log is a current snapshot only, not a record of past choices.
We understand there’s a lot of confusion about this topic, and we hope this explanation provides clarity.
If you have further questions, contact us here.
Where can I buy your software?
If you own a website, you can purchase My Agile Privacy here.
If you’re a web agency or privacy consultant, visit the dedicated reseller page.
