Blue gradient overlay

ePrivacy PECR Flash Briefing

PECR Checklist - how do you match up to our initial five point plan?

  • Audit your sites' cookies - for number, function and how they work
  • Update your Cookie consent form
  • Change your site to only deploy the correct cookies at the right time
  • Update your Cookie page
  • Update your social media profiles

Key questions answered


Privacy and Electronic Communications Regulations (PECR) say that you must tell people the cookies are there, explain what the cookies are doing and why and get the person’s consent to store a cookie on their device.

When? Since June 2019, sites have been expected to comply with the higher level of consent in GDPR for their cookie notices, too.


  • Your cookie consent form must be clear
  • Positive action must be taken for consent (No pre-ticked boxes)
  • Clearly explain the cookies that will be set and what they do – including any third party cookies and strictly necessary cookies
  • Users must have control over any non-essential cookies, like analytics, marketing or social
  • Non-essential cookies must not be set on landing pages before you gain the user’s consent
  • Your Cookie page and social media profiles must be updated.
  • Who?
  • This applies to all sites, even if you have used a 'legitimate interest' argument for GDPR or have a cookie wall

What's the tricky bit? 

PECR applies to your specific cookies, and your site may have a lot of them. Each one may work differently, and whilst we already have a long list of ones we have seen there are thousands of services, which use cookies. The technical challenge is stopping cookies being deployed on your site, which can be tricky with some services.

How does the NDP PECR Audit work? 

First, we will run a cookie scan on your website, in order to identify all the cookies that can be set by all the pages and elements of the site. We review the results of the scan and categorise all the cookies identified across three categories:

  • Essential (which is defined as essential to the proper functioning of the website from the user's perspective). For instance, cookies necessary to track the items that a user has added to their shopping cart on the site.
  • First party: cookies directly set by the website (for instance, Hotjar or Google Analytics cookies).
  • Third party: cookies set by other services, via embedded elements on your site (for instance, cookies set by Google when a user views a YouTube video embedded on your site, or by Facebook/Twitter if a user clicks a social sharing button on one of your site's pages).

Finally, we will review each cookie, how it is set and how we can block it (if it is non-essential and a user chooses to reject cookies). At the end of this process, we will deliver the conclusions of our Cookie Audit to you, which will include our recommendations on how to manage the cookies on your site.


Latest Insights

Unravelling the Cookie Mystery: What You Need to Know!

The UK Government Information Commissioner’s Office has some startling news for you. They’re fed up with searching the web and then writing letters to companies about lack of compliance (it’s so old-fashioned).

Learn More geometric figures

Navigating the digital shift

We all know our digital era has brought about a transformation in the way organisations interact with their audiences. That transformation has been different from sector to sector - in some, there has been a fundamental rewrite of the rules with the old and the new thrown into the competition. Think Amazon, then think of your local hardware store.

Learn More geometric figures

Zen and the art of support and maintenance

There was a time when you could just buy an application, maybe on a CD-ROM if you remember those, install it on your computer and it would just work - forever. Or at least until the computer broke down. So you might ask, given that a website is ‘sort of’ an application, why does it even need support and maintenance?

Learn More geometric figures

Website trends - The years ahead

Digital experiences require hardware and that consumes energy. So the first step in ensuring sustainable delivery of those experiences is to look at the hosting. There is a wide range of eco-friendly and carbon neutral options available today and the costs compare well with the rest of the market. With global suppliers such as Amazon Web Services all the way down to niche providers offering environmentally friendly hosting options, there is no excuse for not making this key transition.

Learn More geometric figures