To stay compliant with the EU General Data Protection Regulation (GDPR), companies must get user consent when collecting data from their users and dropping cookies on their devices. Users must be informed on what cookies are present and what their purpose is so they can make an informed decision whether to opt-in or opt-out of cookies.

If the user decides to give consent, it should also be able to withdraw it at any time for a website to stay within GDPR regulations. Websites also should record all user consent for proof – to demonstrate their cookie compliance. GDPR applies to any business or organization operating within the EU, as well as any organization outside the EU that offers goods and services to customers inside the EU. Because of this, most major corporations around the world need to comply.

It is important to note that GDPR protects personal data. This is the information that relates to an identified or identifiable person. This could be as basic as a list of names, or more complex material like IP addresses, cookie identifiers, or other potentially identifying information. The GDPR has increased fines for non-compliance. Google has paid the largest GDPR fine to date, at €50m.