Choose Your Creation Method

Under PECR Regulation 6 and GDPR Article 13, your cookie policy must clearly state:

• What cookies are - clear explanation in plain language
• Which cookies you use - comprehensive list by category (essential, functional, analytics, marketing)
• Purpose of each cookie - why each cookie is set and what data it collects
• Cookie duration - how long each cookie remains active (session vs persistent)
• Third-party cookies - all external services that set cookies (Google Analytics, Facebook Pixel, etc.)
• How to manage cookies - instructions for blocking/deleting cookies in all major browsers
• Consent mechanism - explanation of how users provide consent
• Contact information - how users can contact you about cookie usage
• Policy updates - when the policy was last updated and how changes are communicated

Our template includes all mandatory sections to ensure full ICO and PECR compliance.

ICO Enforcement Powers:

• PECR fines: Up to £500,000 for violations of cookie consent requirements
• GDPR fines: Up to £17.5 million or 4% of annual global turnover for data protection breaches
• Enforcement notices: Formal orders requiring immediate compliance
• Audits: ICO can audit your website and cookie practices
• Public reprimands: Damage to reputation through published enforcement actions

Recent ICO Cookie Enforcement:

In 2023, the ICO issued multiple fines for cookie consent violations, including fines for pre-ticked consent boxes, unclear cookie information, and failure to obtain proper consent before setting non-essential cookies. Common violations include using cookies before consent, bundling consent with terms acceptance, and failing to provide clear information about cookie purposes.

Don't risk it. Get compliant today for just £10.

Full PECR & GDPR Cookie Compliance:

• ✓ Plain language explanation of what cookies are
• ✓ Comprehensive cookie categorization (Essential, Functional, Analytics, Marketing)
• ✓ Detailed cookie tables with name, purpose, duration, and provider
• ✓ First-party and third-party cookie distinction
• ✓ Session vs persistent cookie explanations
• ✓ Cookie consent mechanism description
• ✓ Browser-specific cookie management instructions (Chrome, Firefox, Safari, Edge, Opera)
• ✓ Mobile browser cookie instructions (iOS Safari, Android Chrome)
• ✓ Third-party opt-out links (Google Analytics, Facebook, etc.)
• ✓ Web beacon and tracking technology disclosures
• ✓ Do Not Track (DNT) signal handling
• ✓ Cookie policy update procedures
• ✓ Contact information for cookie queries

Professional, legally sound, and ready to publish.

Don't Fall Into These Traps:

• Pre-ticked consent boxes: Consent must be active opt-in, not opt-out. Pre-ticked boxes violate PECR.
• Cookie walls: Blocking access to websites unless users accept all cookies is illegal under PECR unless service genuinely cannot function.
• Setting cookies before consent: Non-essential cookies must not be set until after explicit consent is obtained.
• Vague cookie descriptions: Each cookie must have clear purpose, duration, and provider information.
• Missing third-party cookies: Must disclose ALL cookies, including those set by Google Analytics, Facebook Pixel, advertising networks, etc.
• No browser instructions: Users must be told how to manage cookies in their specific browser.
• Bundling consent: Cookie consent cannot be bundled with terms & conditions acceptance.
• Implied consent: "By continuing to use this site you consent to cookies" is not valid consent under PECR.
• Missing essential cookie justification: Even "essential" cookies need explanation of why they're necessary.
• Outdated cookie list: Cookie policy must be updated whenever new cookies are added.

Our template prevents all these mistakes with clear, compliant language and proper structure.