A Quick Guide to GDPR & Cookie Policies for Veterinary Practice Websites

November 19, 2023

Few tech topics have garnered as much attention in recent years as the introduction of the EU General Data Protection Regulation (GDPR). There is good reason for this, as GDPR has had a huge impact on the ways data should be handled and collected by businesses across the EU and beyond. And even in the UK, the regulation has been retained as the UK GDPR, enforced through the Data Protection Act 2018. 

What is GDPR? 

GDPR was officially rolled out in May 2018, and these regulations provide individuals with far more control over which pieces of personal information businesses are permitted to collect, store and use. 

The data that is protected by GDPR includes all personally identifying information, such as a person’s name, location, IP address, username, and age. Cookie identifiers are also protected data, and there are strict rules around gaining consent for their use in most situations. This is why it is important for your veterinary practice to ensure that your website has a prominently displayed cookie banner that clearly explains your cookie policy and allows website users to opt in or out.

What is a cookie banner? 

A cookie banner is a notification that will be displayed to your visitors the first time they visit your website. This banner will tell your visitors that your website uses cookies to function optimally and ask them to give their consent for those cookies to be stored safely on the device they are using. 

In addition to demonstrating that your practice is complying with all privacy rules, regulations and laws, a cookie banner can also help you to clearly communicate the values your practice holds and show your audience that those values align with what they expect from your business. 

In the absence of consent, you cannot legally use any cookies other than those deemed “strictly essential” – so no marketing, no analytics, no tracking or advertisement, and no social media cookies, just enough to allow the user to navigate the website.  

You may think “well, that doesn’t matter, we don’t use any of those” – but you probably do, somewhere on your site. Without analytics cookies, it is virtually impossible to determine how individual users are accessing your site, and many plugins and widgets require you to use cookies from third-party advertisers (often the worst type of tracking, privacy-invading cookies). Be in no doubt: without opt-in consent from your users, these are illegal.

Meta Pixel and GDPR 

The rules around cookies also extend to more recent innovations, like pixels. 

For example, in March 2023, None of Your Business (NOYB) announced that a decision had been taken by the Austrian data protection authority (DSB) stating that the use of certain Meta (formerly Facebook) business tools violated Article 44 of GDPR [1]. The ICO in the UK have also stated that pixels are automatically covered under the UK GDPR and PECR [2]. 

Many websites in the UK and the European Union have made use of Meta’s tracking Pixel. However, as per the regulations, this tool can only be used if visitors have given prior consent for their personal data to be collected and processed in this way. So, it is essential to ensure that the pixel will only fire after consent has been obtained from each visitor.

To do this, your site must automatically block all third-party scripts (including pixels, cookies and other tracking analytic systems) from functioning until the point that a visitor provides their consent. 
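One way to implement the blocking described above, as an added example that is not code from the original article: third-party tags are registered by cookie category and are only injected once the visitor's stored choice allows that category. The tag ids, URLs and the JSON consent-record format are constructed assumptions.

```javascript
// Added example. Tag ids, URLs and the consent-record format are constructed placeholders.
const TAGS = [
  { id: "booking-form", category: "essential", src: "https://cdn.example.invalid/booking.js" },
  { id: "site-analytics", category: "analytics", src: "https://cdn.example.invalid/analytics.js" },
  { id: "tracking-pixel", category: "advertisement", src: "https://cdn.example.invalid/pixel.js" },
];

// Turn the stored consent record into the set of allowed categories.
// Default deny: a missing, malformed or tampered record grants only "essential".
function parseConsent(raw) {
  const granted = new Set(["essential"]);
  if (typeof raw !== "string" || raw === "") return granted;
  let record;
  try {
    record = JSON.parse(raw);
  } catch (err) {
    return granted;
  }
  if (record === null || typeof record !== "object" || Array.isArray(record)) return granted;
  for (const [category, value] of Object.entries(record)) {
    if (value === true) granted.add(category); // only an explicit true counts as opt-in
  }
  return granted;
}

// Returns a function that injects each permitted tag once and reports what it fired.
function createConsentGate(tags, inject) {
  const alreadyLoaded = new Set();
  return function applyConsent(granted) {
    const fired = [];
    for (const tag of tags) {
      if (!granted.has(tag.category) || alreadyLoaded.has(tag.id)) continue;
      alreadyLoaded.add(tag.id);
      inject(tag);
      fired.push(tag.id);
    }
    return fired;
  };
}

// Browser-side injector: the <script> element is created only after the gate allows it,
// so a blocked tag never makes a network request.
function injectScript(tag) {
  const el = document.createElement("script");
  el.src = tag.src;
  el.async = true;
  document.head.appendChild(el);
}
```

On a real page the gate would be built with `injectScript` and called once on load with the stored record, then again whenever the banner saves a new choice. A script that has already loaded cannot be unloaded, so a withdrawal of consent only takes full effect on the next page load.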

What are the consequences of not following GDPR? 

There are significant consequences for failing to comply with GDPR, which reflects the expectation that consumers have regarding how businesses protect the personal information of their visitors. 

Consequences vary depending on the severity of the non-compliance. However, it is possible for businesses to be hit with fines of up to £17 million (€20 million) or 4% of total turnover globally, whichever figure is greater.

It is important to emphasise that there are a number of other sanctions that can be put in place, such as warnings and corrective orders. These sanctions are designed to prompt action and, therefore, must not be ignored by any business. 

Cookie banner best practices 

 As cookie banners are now a necessity and not an option, it is important to ensure that the layout and style you choose reflect your brand well. So, to ensure that your cookie banner doesn’t negatively affect the user friendliness of your site, here are some best practices to consider. 

  1. Layout

Header or footer banners generally provide the best user experience, as they aren’t intrusive and don’t prevent visitors from viewing the content on your website. Alternatively, you could also use a floating box banner. These are generally positioned in the bottom right or bottom left corner of the screen. 

A pop up placed in the centre of your website is also an option, especially if you want to grab the attention of your visitors immediately. If you do choose this option, it is imperative to ensure that this popup can be quickly actioned to ensure you remain compliant with GDPR without interrupting the overall experience of your visitors too much. 

  2. Control

As the purpose of GDPR is to provide individuals with control over their personal information, it is important to ensure you are giving your visitors as much control as possible. One of the simplest ways to do this is to allow your visitors to enable or disable a range of different options, including essential cookies, performance cookies, advertisement cookies, and analytics cookies. In fact, this is specifically what the GDPR calls for, under the name “granularity of control”.

  3. Mobile responsiveness

Since a significant percentage of your visitors are likely to land on your website using a mobile device, you need to make sure that your cookie banner is also optimised for mobile. If this step isn’t taken, your user experience metrics will be negatively impacted, and you may even lose SEO ranking – and thus potential or current clients to a competitor practice. 

 



Resources: 

[1] https://noyb.eu/en/austrian-dsb-meta-tracking-tools-illegal 

[2] What are cookies and similar technologies? | ICO 
