95% of firms not ready for cookie laws
The vast majority of new websites don’t comply with new cookie consent laws, according to a study from KPMG.
The new law requires sites to ask for consent before dropping cookies onto users’ computers. While the EU Directive technically came into force last year, it isn’t being enforced in the UK until 26 May – but it appears few sites are ready for the change.
KPMG audited 55 “major” websites, finding only one that specifically asks for user consent and two that said they were being updated to meet the rules by the deadline.
Where to start
Experts recommend three steps to compliance:
1) Find out what cookies your site uses, and remove ones that aren’t key to your business
2) Alert users to cookies via a prominent link or pop-up
3) Start asking for consent, first in easy places such as logins, before expanding across your site
“Organisations now need to focus their efforts on establishing an inventory of their websites and the cookies currently in use, before evaluating their purpose, and establish a pragmatic plan to ensure compliance,” he added.
With more than a month to go before the rules come into force, it’s no surprise many sites don’t yet offer full compliance – especially as the Information Commissioner’s Office (ICO) has no plans for immediate fines.
While those organisations that don’t meet the deadline can technically face a £500,000 fine, Comissioner Christopher Graham has said the ICO won’t take action against those that are working towards meeting the law.
“When our 12-month grace period ends, there won’t be a wave of formal enforcement actions taken against those who aren’t yet compliant, but are trying to get there,” Graham said last year.