Website Compliance - Boo Consulting Partnership

This year is moving at a fast pace - yet by taking things day by day - every small step counts. There has been a consistent drive this year to continue improving, defining and setting up the Cornish Hue brand and a unique proposition. With a clear view of 2025 ahead of us, one clear goal was to meet new local businesses, leaders and the wider community. The goal is to build more like-minded “high-quality” teams to work with and partner up on future projects and events. With the mid-September warm weather returning to Newquay in Cornwall, we got our walking boots on and got to work meeting inspirational people.

In September 2024 we met Boo Consulting - a dynamic team and a valued support partnership in our website design and production proposition. By combining my creative focus with a business focus, Boo Consulting offer new clients a deep and important compliance journey and experience. Boo Consulting are a passionate and experienced privacy and risk consultancy firm based in Newquay, Cornwall. They specialise in ISO standards, information security, cybersecurity, data protection and marketing compliance. The highly skilled team can help organisations in Cornwall and throughout the UK to meet security and privacy objectives, develop an understanding of their security posture, test its defences, and prepare for worst-case scenarios.

So, why does all this matter to you and your business?

Cookie Compliance

The laws on cookies can be found in both the PECR and the UK GDPR. PECR explicitly governs electronic communication (email, SMS, push notifications and cookies).

Knowing which regulations you need to comply with is important, as well as what their requirements are regarding consumer rights, notification, consent, and data use. Being aware of what cookies and other tracking technologies are in use on your website is also important to ensure correct consent can be obtained. This information can be accurately and comprehensively presented on your website and maintained in your cookie banner and cookie policy.

Ensuring that users are informed about your organisation, the processing of their data, their rights, and their consent choices is important, as is presenting all choices equally, and detailing how users can contact you. Any methods that nudge or trick users into consenting, such as pre-ticked consent boxes, should not be used.

Additionally, you should always ensure that only necessary data is collected and that it is processed only for the purposes communicated. Data must be accurate and up-to-date and only stored for as long as it is needed to fulfil the processing purpose. You need to maintain the required standards of security and privacy and ensure processes are in place to uphold accountability.

Cookie Banners and Notices

Notifying users about data collection and processing is a legal requirement, and this includes the use of cookies. You may not explicitly require a cookie banner, but this is often the most efficient and user-friendly way to notify users about the use of cookies and obtain compliant consent when needed.

Globally, some regulations use an “opt-in” model for consent, where personal data cannot be collected or processed without first informing users and obtaining consent. A cookie banner is ideal to help achieve this and is a requirement in the UK, where an opt-in model is in place.

Other global regulations use an “opt-out” model, where personal data can be collected and even shared or sold without consent, but users must have the ability to opt out of the sharing or sale of their data, profiling, targeted ads, use of technology for decision-making that affects them, and other uses, at any point. A cookie banner can also help achieve compliance for this model.

If a website collects data using cookies, privacy compliance is required, even if the organisation does not directly or substantially make money from data processing. A cookie banner can help achieve this. A cookie banner should link to a cookie notice, which describes all the cookies being placed, for what reason and for how long they are stored.

The transparency a privacy notice provides and its demonstration of respect for users’ rights and consent choices also build trust and encourage higher engagement and long-term relationships.

GDPR and PECR

Under the GDPR, legal bases or the “lawfulness of processing” are legally acceptable reasons for companies or other organisations to collect and process personal data. User consent is one legal basis, though the GDPR lists six in total. A “data subject” is a person whose personal data is processed, e.g. eCommerce customers, website visitors, app users, etc. The six lawful bases are:

  • the data subject (e.g. user) has given consent.

  • to fulfil a contract with the data subject.

  • to comply with a legal obligation to which the data controller (e.g. company) is subject.

  • to protect the vital interests of the data subject or another natural person.

  • in the public interest, or where the data controller is exercising official authority.

  • legitimate interests pursued by the data controller or a third party, e.g. for individual, commercial or societal benefit.

Legitimate interest is often used to justify data processing but can be difficult to adequately prove. The safest legal basis for cookies is obtaining and securely managing user consent.

Remember, a website that collects personal data, including cookies, is legally required to have a privacy notice. This should explain all the processing activities of the organisation, including the lawful basis it is using, data sharing, international transfers, data retention, security/safeguards and data subject rights.

Having compliant notices that are easy to understand provides the end customer with assurance that the organisation is taking data protection seriously, as they meet key principles of the GDPR.

So, here is to safe browsing and creation - and a secure partnership for you and your business.

Contact Linn at https://booconsulting.co.uk/ for further information

Telephone: 01637 838 155

Email: enquiries@booconsulting.co.uk 
