Skip to main content
Illustration showing cookies and the Google search front page

You’ve probably heard about cookies, cookie consent and GDPR. But what are cookies exactly and why are they important for your website? Let us take you inside the kitchen of GDPR compliance and show you what you need to know to have a GDPR-proof cookie policy that hits all the legal spots.

What are cookies exactly? 

Cookies are bite-size text files placed on your computer to collect standard internet log information and visitor behaviour information.

Cookies can be classified into 5 different types

5 different cookie types 

Cookies can be classified into 5 different types: each one records different data. When building a list of cookies for your cookie policy it is necessary to group them into these 5 categories.  

  • Essential cookies 
    • These cookies are required for the website functionality and therefore cannot be switched off. 
    • If you prefer to also block these cookies, you will have to disable the acceptance of cookies inside your browser settings. Note that by doing so, this might make this website unresponsive, or some features might become inaccessible
    • Essential cookies never store personal information to the extent you can be identified as a user; all information is anonymous
  • Functional cookies 
    • These cookies are used to enhance the functionality of the website. For example, the integration of a cookie to allow to keep your preferences on a filterable page. 
    • Functional cookies never store personal information to the extent you can be identified as a user; all information is anonymous
    • We recommend accepting these cookies to allow to use the full experience of the website. 
  • Performance cookies 
    • These cookies allow us to ensure we can measure the visits and the traffic to our servers, to ensure the performance of the website is guaranteed. 
    • All information that is gathered, is stored anonymously, and cannot allow us to identify you. 
  • Analytical cookies 
    • These cookies are implemented to allow us to analyse the visitor’s behaviour, to better serve them in the future.  
    • All data that is gathered is stored anonymously and cannot be linked back to the visitor. 
  • Advertisement cookies 
    • These cookies are set by the advertisement partners that are implemented into the websites. The information could be used by the partners to build a user profile to better serve information on this or other websites.  
    • The partners will not be able to store any personal information, they can use information on the website to build an anonymous targeting profile. Re-marketing actions are included into this type of cookies. 

First- & third-party cookies explained 

When using cookies, there is a large difference between first- and third-party cookies. When a cookie is created by your own website and uses your own domain (i.e., *, this means the cookie is a first party cookie.

A third-party cookie is set by a third party, so not by your own website but by a tool you use, or a service you implemented. For example, when a Shopify cookie is being set to manage a shopping cart; that’s a third-party cookie. 

As a website owner/builder it is very important that you know the difference and also know of each cookie so you can guarantee compliance.


Website cookies: practical guidelines 

As always, there are a few guidelines you need to follow when deciding to use cookies (possibly to track your users). 

  • Make sure you have a list of cookies available and under which category they fall. 
  • Allow users to consent to your cookies in a clear and specific way. 
  • When a user does not consent, make sure you do not enable non-essential cookies. 
  • If users want to change their preferences, make sure they can do so. 



What’s a cookie policy? 

A cookie policy shows the user what cookies are used on your website and why they are being used.  

4 requirements for your cookie policy 

When building your cookie policy, there are a few minimal requirements when starting. 

  • Make sure to list all cookies (also third-party) 
  • Group cookies per category 
  • Describe why the website uses cookies 
  • Make sure you describe how a user can change their preferences 

Additional to the mandatory cookie policy, you are also required to create a privacy policy. The cookie policy does not replace this. 

What to put in your cookie banner 

The cookie consent must be obtained from the user via a cookie banner (or similar) when they visit for the website for the first time. The banner should at least have: 

  • A link to the cookie policy 
  • A way to manage the preferences per category 
  • button to consent to the cookies. 
A list of items that should be put in your cookie banner

Note: A cookie wall which blocks the entire screen, or a consent given when starting scrolling are both invalid! 

The GDPR importance of a cookie consent 

What is a cookie consent? 

Cookie consent is a key part of the GDPR compliance; it has to be clear, specific, and freely given consent. Under the GDPR, cookies need to be sorted into specific categories in your cookie policy, so ideally you have a cookie banner (or similar popup) which allows users to consent.

Because of the fundamentals of the GDPR, users need to know what purpose different cookies serve, and allowed to consent to or deny those cookies. For example, if a user consents to the use of functional cookies that allow a language to be set, that does not mean they consent to cookies that collect data on behalf of Google or Facebook. 

The GDPR does not specify how to lawfully deploy and use cookies, it does however make it clear that cookies are subject to the legislation. 


Why embed a correct cookie consent system? 

If you are in the EU and use cookies, you are subject to comply with the GDPR and Cookie Law. The best way to do this is by assessing your tracking technologies and put compliance measures in place now. 


Let us help you! 

As illustrated, having an up-to-date cookie banner is essential for your website. If not, it can have repercussions on your website ranking and you may be violating GPDR policies that apply to your location or country.  

Are you unsure about your implementation - maybe you have a cookie disclaimer, but not a category-based system, or you simply want to validate your current set-up?  

At Wax Interactive, we can assist you to obtain and maintain cookie compliance for your project. 

We also developed an in-house fully customizable Cookie system for Drupal, which has been approved by an official DPO. If you like, we can sit together and explore the options of implementing this solution into your project! 


This blogpost was written by Jorge Spiessens. 


Contact us!

Want this for your brand?

Fill in the form or give us a call :

+32 9 329 83 80 

Jobs image

Are you the
digital talent
we are looking for? 

We'd love to get to know you and create memorable stories together! Discover our vacancies! 👇