May 21 | 6 minutes read

Setting up Your Cookie Banner? Here’s What You Need to Keep in Mind!

Almost a year has passed since the GDPR entered the minds of data-driven marketers and customers alike. But still, going back to basics for some general rehearsals doesn’t really hurt – especially when it comes to the basics for gathering data and consent: cookie banners.


First, let’s take it from the top! GDPR stands for General Data Protection Regulation and it regulates the privacy and data protection for all individuals within the European Union and EEA.

Need a brief GDPR overview? Check out our GDPR Survival Guide!

While GDPR regulates the processes for storing the data, there are national marketing laws that regulate the use of, for instance, cookies; why we use them, how we use them, and how we communicate it to the outside world.

Do You Need Cookie Consent?

Do you have a commercial or marketing website for your brand? Are you tracking cookies for commercial or marketing purposes? Have you not set up a cookie bar yet? If you tick one or more of these boxes, the answer is a roaring yes!

But before you collect data, you need consent. Cookie consent is the informed, explicit agreement of the owner of the cookies (visitor) for their browsing data to be stored and used for clearly stated purposes. A user must be made aware of the cookie purposes at the time consent is requested.

Keep in mind that information about the purpose needs to be stated both directly on the web in the cookie banner where you click to give your consent but also in your cookie policy, more on that later.

Cookies: The Foundation of Data-Driven Marketing

Why are cookies so valuable to data-driven marketers and the user experience? The reason is simple: Without cookies, data isn't saved on the web from one page load to the next. But with cookies and the user’s explicit consent, a visitor can, for instance, log on to a website, leave, and then come back later and be automatically logged in.

How? Because the website has already issued cookies in the background upon the visitors log-in and saved the information in the browser’s cookie file.  

The mechanics behind is that, in the background, the website issue cookies upon log-in or simple browsing and save them in the browser. When that cookie is sent from the browser and back to the website, the website is able to confirm that it’s still the same visitor browsing as before.

In a nutshell:

Cookies allow websites to recognise visitors based on the data they provided with their consent during their last visit.

First-Party, Third-Party and Session: What Kind of Cookies Exist?

But before we dive deeper into the world of cookies, let’s get down to the nitty gritty and answer the following questions: what are cookies? And how are they used?

When visitors enter your website, a file is saved into their browser. That file is known as a cookie. In that cookie file, data (such as browsing behaviour and items added to cart) can be stored. This will, of course, only happen as long as the visitors have provided their cookie consent.


There are two types of cookies according to purpose...

  • Session cookies expire when the browser is closed. Used by online shops, for example, to allow you to keep items in your shopping cart as you browse the website.
  • Persistent cookies are commonly used for keeping users or visitors logged in or for recording their browsing activity over a long period of time. The length of this period can vary and depends on your preferred settings; ranging from days to years.

… And two types according to origin:

  • First-party cookies are created by the website the visitor browsed, and only exist in the domain it was created.
  • Third-party cookies are created by third parties (advertisement-related) in different domains. When the same third party has created the same cookie in two different domains and can be associated to the same visitor, the cookie merges and is effective in both domains.

How to Create a Cookie Banner: The Essential Requirements

Your cookie banner must be sincere, transparent, unambiguous, clear, up to date and comprehensive.

In other words, your cookie banner should contain a cookie policy link along with an updated message that reflects exactly how the cookies will be handled, as well as the option to both provide and how to withdraw consent.

How to Create a Cookie Policy

A cookie policy is a text that, in detail, explains to your users and/or website visitors what cookies are active on your website, what data is tracked in them and where, as well as what their purpose is. Your cookie policy should state:

  • What types of cookies are set
  • How long they persist on your users’/visitors’ browsers
  • What data they track
  • For what purpose they are applied(functionality, performance, statistics, marketing, etc.)
  • Where the data is sent and with whom it is shared
  • How to reject cookies, and how to subsequently change and/or withdraw the cookie consent.

Your cookie policy may be a part of your privacy policy, which is where you explain your methods and purposes of data processing on your website.

Make sure to update both policies periodically.

In addition, your cookie banner must contain a link to your cookie policy. It should be hosted in your website, and visitors should be able to access it comfortably in order to review their preferences and potentially withdraw their consent should they wish to.


A Final – But Very Important – Note to Remember:

Make sure that you are acting in accordance to the marketing law in your respective market(s) and/or GDPR when implementing the script on your website . Even though it's an extra step, the script is there to give your visitors a better experience of your business.

+1: Examples on How to Write a Cookie Banner

Our of ideas? Here's a few inspiring examples, including APSIS’ own cookie banner:

  1. APSIS (Business to Business, Digital marketing software):
    Psst! We use cookies.
    We use cookies on our website to improve your online experience. Read more about how we use cookies here.

  2. Business to Business, technology:
    This website uses cookies.
    Our website uses cookies to deliver safer, faster, and more customised site experiences. The three types of cookies we use are strictly necessary, analytics and performance, and advertising. Please accept the use of cookies or review our cookie policy and change your cookie settings.

  3. Business to Consumer, media:
    Our company uses cookies for personalisation, to customise its online advertisements, and for other purposes. Learn more or change your preferences by clicking here. We support the Digital Advertising principles. By interacting with this site, you agree to our use of cookies.

  4. Business to Consumer, retail:
    This site uses cookies
    We use cookies to make some areas of the site work great for you. If you’re ok with that, just continue. If you want to find out more, or are seeing this message repeatedly, click here.


Are you delivering the level of relevance that customers crave? Get the handbook E-commerce Personalisation in the Nordics.

This whitepaper explores the answers – through the eyes of 4000+ real-life Swedes, Danes, Finns and Norwegians. Enjoy!

E-commerce personalisation in the Nordics



Note: This blog post is for inspirational and informational purposes only and does not constitute legal advice nor shall it be construed, or relied, on as such. APSIS accepts no liability for any losses incurred as a result of any reliance made on the information contained herein. APSIS reserves all right to the content of the blog.