Cookie Consent Banner Implementation Guide for SMEs
A practical guide to implementing compliant cookie consent banners under the EU ePrivacy Directive and GDPR, covering opt-in vs opt-out rules and banner design.
Start by mapping every cookie, SDK, and tracker on your site. Under the EU ePrivacy Directive (Directive 2002/58/EC, as amended by 2009/136/EC), non-essential cookies require prior consent. The GDPR sets the bar for valid consent: freely given, specific, informed, and unambiguous (Art. 4(11), Art. 7; Recital 32). National rules such as the UK's PECR and Germany's TTDSG follow the same approach. Block marketing and analytics scripts until the user opts in, categorize each cookie, and document its purpose. LegalDocs.ai can help generate a precise cookie policy and the records you need to prove compliance.
Choose an opt-in model for the EU and UK: no non-essential cookies fire until the user actively consents. Pre-ticked boxes and implied consent are invalid under ICO and CNIL guidance. By contrast, the US CCPA and CPRA mainly require an opt-out for the sale or sharing of personal data and for targeted ads. If you serve global traffic, default to opt-in or geotarget banners by region. Implement a consent management platform (CMP), store consent logs (timestamp, preference, policy version), and consider IAB TCF v2.2 if you run programmatic ads.
Design a banner that is clear, neutral, and accessible. Offer Accept and Reject with equal prominence, plus granular toggles for strictly necessary, performance, and marketing cookies. Avoid dark patterns, nudges, and cookie walls (see EDPB guidelines). Use plain language, link to a detailed cookie policy, and provide a persistent icon to revisit choices. Ensure keyboard navigation and color contrast to WCAG AA. Refresh consent every 6-12 months, honor withdrawals instantly, and use LegalDocs.ai to streamline updates and audit-ready records.
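The core of the gating and logging rules above (opt-in only, consent record with timestamp and policy version, 12-month refresh, instant withdrawal) as an added browser-side example; this is not LegalDocs.ai code or any CMP's API. The policy version string, the three category names and the refresh window are assumed values.

```javascript
// Consent gate for non-essential cookies (added example, not LegalDocs.ai or
// any CMP's code). Assumed values: the policy version string, the three
// category names and a 12-month refresh window. Runs in Node or a browser.
const POLICY_VERSION = "2024-06";                    // assumed; bump on policy change
const CATEGORIES = ["necessary", "performance", "marketing"];
const MAX_AGE_MS = 365 * 24 * 60 * 60 * 1000;        // 12-month refresh window

// Build a consent record from explicit user choices. Opt-in model: every
// non-essential category defaults to false and only a literal `true` enables
// it, so pre-ticked or implied values never count as consent.
function makeConsentRecord(choices, now = Date.now()) {
  const prefs = { necessary: true, performance: false, marketing: false };
  for (const cat of CATEGORIES) {
    if (cat !== "necessary" && choices[cat] === true) prefs[cat] = true;
  }
  // timestamp + version are the audit fields the guide says to log
  return { version: POLICY_VERSION, timestamp: now, prefs };
}

// A stored record only counts if it was given under the current policy
// version and within the refresh window; otherwise re-show the banner.
function isRecordValid(record, now = Date.now()) {
  if (!record || typeof record !== "object" || !record.prefs) return false;
  if (record.version !== POLICY_VERSION) return false;
  if (typeof record.timestamp !== "number") return false;
  const age = now - record.timestamp;
  return age >= 0 && age <= MAX_AGE_MS && record.prefs.necessary === true;
}

// May a script tagged with `category` load? Strictly necessary always may;
// anything else needs a valid record with that category explicitly on.
function mayLoad(category, record, now = Date.now()) {
  if (category === "necessary") return true;
  if (!CATEGORIES.includes(category)) return false;   // unknown tag: block
  return isRecordValid(record, now) && record.prefs[category] === true;
}

// Withdrawal is a fresh record with every non-essential category off,
// effective immediately (same timestamp/version fields for the audit log).
function withdrawConsent(now = Date.now()) {
  return makeConsentRecord({}, now);
}

// Filter the site's tag list down to what is permitted right now.
// Tags are `{ src, category }` objects.
function permittedScripts(scripts, record, now = Date.now()) {
  return scripts.filter((s) => mayLoad(s.category, record, now));
}
```

Persist the record in first-party storage and run `permittedScripts` over your tag list on every page load, so a stale or withdrawn record blocks everything but strictly necessary scripts.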