Tips & guides

Everything you need to know about cookies, GDPR and the ePrivacy directive

When you are running a website it is important to understand the features of your site and the responsibilities that you have with them. One of the more important features, especially if you run a site in the EU, is cookies! Understanding how cookies work and the regulations surrounding them is crucial to keep both your users and yourself safe.

What are cookies?

To understand the regulations you also need to understand what cookies are. Cookies are small text files that are places on a device when using a browser. This is an essential part of running a functional website and allow for a lot of the features that are part of websites nowadays.
Cookies have three different types of categorization: Duration, Provenance and purpose.

Duration talks about whether a cookie only exist during the users session or persists after. Session cookies go away as you close your browser, but persistent cookies exists for a period of time even after the session is done. Most persistent cookies will delete themselves after a while as well, but it is not always guaranteed.

Provenance is divided into two different: First- or third-party cookies. First-party means that it is placed on your device by the website you are using. Third-party cookies are placed on your device by parties that aren’t the website you are using, mainly for advertisement or analytical reasons.

Purpose cookies are the ones that you typically see in the popups on sites. Here the cookies are categorized from the purpose they have when placed on your device. There are necessary, preference, statistic and marketing cookies. Necessary cookies are the ones that the website needs to function. Preference cookies are used to remember users’ preferences and earlier choices to further advance the user experience. Statistic cookies are used to see how you use a website, where you click and which pages you look at. These are often used by the website to know where to improve their site. The last are marketing cookies. These are almost always third-party cookies and are used by advertisers to help with users’ specific advertisement preferences or limit repetition of ads.
Those are all the different ways that cookies work and exists on your devices. Often a cookie can be a mixture of the different types.

GDPR and the ePrivacy directive

Now that we know what cookies are it is important to understand the regulations surrounding them. In the EU cookies are regulated by the ePrivacy directive and GDPR. These regulations are responsible for the cookie pop up that are featured on all sites now. They work to ensure the protection of user privacy and data.
The most important thing is consent. Asking permission before accessing and saving data from cookies is essential.

What should you do as someone with a website?

Understanding your role as someone who runs a website can be difficult, so here are some of our suggestions to you:

  • Make sure to set up an easy way for you to ask permission from your users, when accessing or saving their data.
  • Ensure that you have and understand what information that you access, what you use it for and how you store it.
  • Document the user consent.

The data that you can get and the data that you might need aren’t always the same thing. Cookies allows you access to a lot of information that you might not want or need. So understanding what data you want access to can make it easier for you, so you don’t have to navigate through consent and data that you don’t need and making the process even more difficult.
If the idea of managing cookies is still a little overwhelming then a  simple and easy solution is using a plugin that will do the hard work for you. All you have to do is find one that fits your needs. When choosing a plugin it is still important to be critical and understand the regulations to ensure that the plugin will fulfill all of the rules and give you everything you need.


Understanding the regulations and functionality of cookies is importing. Asking permission and properly saving and storing them this is essential when dealing with cookies. If you are unsure on how to properly navigate cookie regulations then a plugin is a great solution. Being mindful when making decisions about cookies is important to keep both yourself, your users and their data safe.

WP Nordic