Please note that this post contains affiliate links. When you click these links and make a purchase, we may earn a commission at no additional cost to you. This helps us to continue providing free content for our readers.

Cookie consent isn't just a pop-up that ticks a box for appearances. Under GDPR and similar privacy regulations, your cookie banner must meet specific standards to protect users' rights and ensure your business remains compliant. Yet many websites—even those run by big brands—still get it wrong. For solopreneurs, navigating these rules can feel like a complex and daunting task, but getting it right is crucial for avoiding penalties and building a trustworthy online presence.

Common Issues

If you're a solopreneur running your own website, it's worth asking: Is your cookie banner really compliant? Let's break down the most common issues and how to avoid them.

But first, if you're unsure what website cookies are, check out this explainer on Cookie Compliance.

🚩"Appearance-Only" Cookie Banners

Some websites add a cookie banner simply because they know they should. However, if the banner does not function properly—for example, if it loads tracking cookies before consent is given—it's not compliant. GDPR requires prior consent for non-essential cookies. That means cookies can't be dropped onto a user's device until they've chosen to accept them. This is often the first and most fundamental compliance mistake.

Tip: Use a tool like CookieBot to check whether your site is loading cookies before obtaining consent.

❌ No Option to Reject Cookies

A banner that only offers "Accept" or "OK" isn't compliant. Users must have a clear choice to decline non-essential cookies. Otherwise, consent isn't freely given—it's coerced.

What's required:

  • An equally visible option to reject cookies.
  • No dark patterns (like hiding the "Reject" link in tiny grey text).
  • A neutral default (cookies should be off until accepted).

⚖️ No Granular Choice for Users

Not all cookies are created equal. GDPR requires websites to let users decide which categories they accept—for example:

  • Essential cookies (always on, no consent needed): These are strictly necessary for your website to function, such as those that remember items in a shopping cart or enable a secure login.
  • Analytics cookies: These track user behaviour to provide insights on how your website is used, helping you improve performance. A user might not want to be tracked, so they need the option to opt out.
  • Advertising/marketing cookies: These are used to build a profile of a user's interests to show them personalised ads. This is often the most intrusive type of cookie and requires explicit consent.
  • Functional cookies: These remember user preferences, like language or region settings, to enhance the user experience.

If your banner only gives a blanket "accept or reject" option, you're missing a step. Users should be able to fine-tune their preferences.

🔄 No Way to Change Consent Later

Another common mistake is treating consent as a one-time action. Users must be able to revisit and update their cookie preferences at any time. If your banner disappears forever after the first click, you're not compliant.

Solution: Add a small, persistent link in your website footer (e.g., "Cookie Settings") that reopens the consent options. The option to withdraw consent must be as easy to find as the original option to give it.

🕵️ Other Common Compliance Issues to Watch For

  • Pre-ticked boxes: Consent must be an active choice—no default opt-ins are allowed. Recital 32 of the GDPR explicitly states that "silence, pre-ticked boxes or inactivity" do not constitute valid consent.
  • Vague language: Phrases like "We use cookies to improve your experience" aren't specific enough. Be clear about which cookies you use and why, and provide a link to a detailed cookie or privacy policy. This policy should list every cookie used, including its purpose, provider, and expiry date or length of validity.
  • Denying access if cookies aren't accepted: Users must still be able to browse your site even if they reject cookies (except where cookies are strictly necessary). This practice, known as a "cookie wall," is not compliant and can result in significant fines.
  • Lack of records: You should keep logs of consent decisions in case you need to demonstrate compliance to data protection authorities. These records demonstrate that you have a valid legal basis for processing user data, a key principle of the GDPR.
  • Dark Patterns: Avoid deceptive design choices that manipulate users into giving their consent. This includes making the "Accept" button visually more dominant (a brighter colour, larger size) than the "Reject" button, or hiding the reject option behind multiple clicks.
  • Consent Renewal: While not explicitly stated in the GDPR, best practice is to renew consent at regular intervals, typically every 6 to 12 months. This ensures your consent records are up-to-date and reflect the dynamic nature of your data processing activities.

✅ Making Your Cookie Banner Compliant

Creating a compliant cookie banner may feel like yet another task on your to-do list, but it's an important one. It protects your users, builds trust in your brand, and shields you from potential fines.

Here's a quick compliance checklist

[ ] Cookies aren't dropped until the user accepts.
[ ] Clear Accept and Reject options with equal prominence. Ensure the buttons are the same size, colour, and contrast.
[ ] Granular controls for cookie categories.
[ ] Persistent "Cookie Settings" link for later changes. This link should be easily accessible.
[ ] Transparent, jargon-free language about cookies in use, with a link to a detailed policy.
[ ] Consent records are maintained.
[ ] The banner is non-obtrusive and responsive on all devices, providing a seamless user experience.

Tip: Use a tool like CookieBot to check whether your site is loading cookies before obtaining consent.

A cookie banner is more than a pop-up—it's a visible sign that you respect your users' privacy and take compliance seriously. By avoiding these common mistakes and adhering to GDPR guidelines, you can make your website safer, more trustworthy, and better equipped for the future.

Want to simplify compliance? Download my free Cookie Consent Guide PDF—it includes a step-by-step checklist to help you get it right the first time.