If your website uses cookies beyond the ones strictly needed to function — and most websites do — you likely need a cookie consent banner under GDPR and the ePrivacy Directive. Here is exactly when you need one and what it needs to do.
What is a cookie consent banner?
A cookie consent banner is the pop-up or bar that appears when users first visit your website, asking them to agree to your use of cookies. You have seen them on almost every major website — they usually say something like "We use cookies to improve your experience" with Accept and Decline buttons.
When do you need one?
Under GDPR and the ePrivacy Directive, you need a cookie consent banner if your website uses any cookies that are not strictly necessary for the site to function. This includes:
- Analytics cookies — Google Analytics, Hotjar, Mixpanel
- Advertising cookies — Google Ads, Facebook Pixel, any ad network
- Social media cookies — Facebook Like buttons, Twitter share buttons
- Personalization cookies — remembering user preferences beyond basic functionality
You do NOT need consent for strictly necessary cookies — session cookies, shopping cart cookies, login cookies — because these are essential for the site to work.
Who does this apply to?
The requirement applies to any website that can be accessed by users in the European Union. This means if your website is accessible globally, the GDPR cookie consent rules apply to you.
In practice, this means most websites on the internet need to comply if they want to avoid risk.
What must a cookie consent banner do?
A compliant cookie consent banner must:
- Appear before any non-essential cookies are placed
- Clearly describe what types of cookies are used
- Give users a genuine choice — Accept and Decline must be equally easy to click
- Not use pre-ticked boxes or dark patterns to push users toward accepting
- Allow users to change their consent later
- Link to your Cookie Policy for more details
What is a Cookie Policy and do I need one too?
Yes — a cookie consent banner must be paired with a Cookie Policy. The banner gives users the headline. The Cookie Policy gives them the full details — exactly which cookies you use, what they do, and how users can manage them.
LegalyJet generates a complete, personalized Cookie Policy for your website in under 4 minutes — completely free. It covers GDPR, the ePrivacy Directive, and gives you a document that accurately describes your actual cookie usage.