Would anyone be willing to share best practices about how their organization deals with ensuring Cookie Compliance, specifically to GDPR rules? Where should this sort of compliance review sit in an organization? The particular issue we have is who should review new web deployments that use cookies and to make the decisions on whether Cookies are Strictly Necessary or Functionality Cookies. For example is a Cookie required for a Live Chat to work Functionality or Strictly Necessary? Our Security team does not consider taking on these compliance reviews as their domain, as Cookie Compliance is not an internal security matter and the Data Protection team has a limited interest as the GDPR rules around Cookies apply in case of any Cookie being used by a website, whether or not it contains personal data.
Sort By:
Oldest
Chief Technology Officer in Mediaa year ago
The responsibility for cookie compliance often falls under legal or compliance teams, ensuring alignment with GDPR rules. A cross-functional committee involving legal, IT, marketing, and web development teams can collaboratively assess new web deployments. Defining clear guidelines and holding regular meetings can help categorize cookies effectively, addressing challenges such as determining if a cookie is Strictly Necessary or Functionality.IT Manager in IT Servicesa year ago
Cookie Compliance is a multi-faceted task that requires inputs from DPO as well as Security teams continuously. Establishing a dedicated privacy or compliance team and following best practices for documentation, assessment, and collaboration can help to ensure GDPR cookie compliance.
Most of the time the legals and or DPO don't have the technical acumen to understand when data is floating to third party services.
Lets take the example you brought up with the LiveChat being on a different provider. In that case with a high probability you would need to receive explicit consent due to the fact that its not relevant for the website/service to work, it would ease engagement but that's it.