The first step on the road to compliance is to know what cookies
are being dropped by your site, what they do and gauge their level
of intrusiveness. This is achieved by conducting a cookie
audit, which is what we're going to examine in detail.
In the wake of the legislation, a number of companies have
sprung up offering 'certified' audit solutions which claim to fix
the problem overnight. Some even offer a 'certificate of
compliance' which you presumably are supposed to mount on the wall
or wave in the regulator's face when they come after you!
Be aware - these certificates mean nothing to any official body,
and offer you no protection against enforecement.
The situation with cookies is often complex and there's no quick
fix, out of the box audit solution that's right for every business
and organisation. Depending on the complexity of your site and how
heavily you rely on third party technologies and partners, your
options are as follows:
Do It Yourself!
You and/or your web team can go through the documentation
associated with your website and see if there is mention of the
cookies used. If you use a third party Content Management System
(CMS) or an e-commerce platform, then you can enquire with them as
to what cookies they drop on your website.
Talk to your Web Agency
If your website was built by and/or is supported by an external
agency, then it is at least partly their responsibility to tell you
what cookies the site uses, and what you should do about them. They
can provide documentation but may struggle with the analysis and
recommendations for remedial action.
Engage a professional firm of cookie auditors
There are specialist companies such as the Cookie
Collective who will capture, analyse and interpret your site
cookies, and make recommendations for what action you will need to
take to move towards compliance. If you have sites in a number of
different countries, then we can audit those too and advise on a
integrated strategy and messaging.
More information: How to Do a Cookie Audit