Does your website need a cookie banner?  

There are cookie banners everywhere – but why? 

This is probably a familiar experience: you land on a website, and before you can even see the actual content, a banner pops up asking if you want to accept cookies.  

These cookie banners can be found on almost every website today, and for good reason: they have to do with data protection.   

What cookies are and what they’re used for 

Cookies are small files that a website stores on a visitor’s device. They enable essential functions such as saving shopping carts in an online shop or logging into user accounts. 

Many websites also use cookies for analytics purposes, personalised advertising, or to improve the user experience on the website. 

Data protection legislation 

The use of cookies is subject to strict data protection regulations in many places. Within the EU, the main data protection law is the General Data Protection Regulation (GDPR). GDPR sets a policy that non-essential cookies may only be set with the express consent of the user. This means that:

• Only technically necessary cookies (e.g. for logins or shopping carts) may be used without consent. 

• All other cookies (e.g. for tracking or marketing) require active consent from the user. A simple notice is not enough. 

The consequences of not having a cookie banner  

Without a legally compliant cookie banner, website operators risk warnings, fines and loss of trust. Violations of data protection regulations can result in heavy penalties – up to 4% of annual turnover or 20 million euros, depending on the company and the severity of the case. You can check GDPR Article 83 (5) directly or read our article about penalties for noncompliance.  

A cookie banner is not a formality. Rather, it’s an important aspect of a legally compliant website. It ensures that users have control over their data and that website operators comply with legal requirements. 

When is a cookie banner required?  

Not every website needs a cookie banner. The decisive factor is which types of cookies are used. Data protection laws such as the GDPR require active consent when a website sets non-essential cookies. Let’s look at what that means in practice.

Essential vs. optional cookies  

We can basically divide cookies into two categories: 

Essential cookies  

These are essential for the functioning of a website. They ensure that users can log in, products remain in the shopping cart, or language settings are saved. Since they do not collect personal data for advertising or analysis purposes, they can be set without requiring explicit consent. 

Optional cookies  

All other cookies that are not absolutely necessary for the website to function are considered to be subject to consent. These include, in particular, tracking and marketing cookies. 

If this feels very theoretical, let’s now move to practical examples of the two types of cookies:  

Essential cookies (no banner needed):  

• Saving login data or language settings 
• Shopping cart functions in an online store 
• Security tokens for protected areas 

Tracking and marketing cookies (banners and user consent required):  

Non-essential, optional cookies such as those used for marketing or analytics purposes require active consent from users. These include, but are not limited to: 

• Tracking tools such as Google Analytics or Meta Pixel: These tools track user behaviour on a website to compile statistics, analyse traffic sources, and improve website performance. Since personal data is often processed in this process, explicit consent is required. 

• Retargeting  and advertising cookies: Many websites use cookies to display personalised advertising. These cookies remember which pages a user has visited and allow targeted ads to be served based on their behaviour. This type of data processing requires clear and voluntary consent.  

• Cookies for analysing user behaviour: Some cookies track the behaviour of visitors to analyse, for example, clicks, time on page, and preferred content. This data helps companies to optimise their website but also accesses personal information, which is why consent is required. 

Since these cookies are not necessary for the basic functionality of a website, users must be able to accept or reject them before they are set. An informative cookie banner makes sure that this decision is made transparently and in compliance with data protection regulations. 

How to obtain user consent  

Once your website uses non-essential cookies, you will need to provide a legally compliant cookie banner. You should pay attention to the following requirements:  

• The consent must not be preset (i.e. no “accept all” as the default). 
• Users must have the choice to accept only essential cookies. 
• Refusing non-essential cookies must not restrict the use of the website in a way that makes it unreasonable to use. 

If your website only uses technically necessary cookies, then no banner is required. Adding a note in your privacy policy is enough in that case. 

Key parts of a cookie banner 

A cookie banner needs to be more than a simple notice. It needs to give users a real choice. The following elements are essential for compliance with data protection regulations:  

1. Clear information 

• The banner must clearly explain which cookies are used and for what purpose. 

• There should be a link to the privacy policy or a cookie policy. 

2. Voluntary consent (opt-in solution) 

• Users must not be forced to accept all cookies. 

• Unambiguous consent must be given by actively clicking “Accept” or an equivalent button. 

3. Individual settings 

• Users must be able to accept only essential cookies or opt-out of certain categories (e.g. “Necessary cookies only” or “Individual settings”). 

4. Easy rejection  

• Refusing non-essential cookies must be as easy as opting out (the opt-out option must not be hidden or difficult to find). 

Opt-in vs. opt-out: what options do users need to have? 

The biggest difference between cookie banners is the way they handle user consent, with some being opt-in and others opt-out. We’ll look at the differences and why one is better for ensuring legal compliance.  

Opt-in (required in the EU, GDPR compliant) 

• Cookies are only set after the user’s consent. 
• Users must actively click to accept tracking cookies. 
• The legally recommended method in the EU. 

Opt-out (insufficient in many cases) 

• Cookies are set automatically, and the user must disable them manually. 
• This method is not GDPR compliant, but it is used in countries with less stringent data protection laws. 
• In the EU, it is not allowed if non-essential cookies are used. 

For websites that want to be GDPR compliant, opt-in is the only acceptable solution. 

Cookie banners: build your own or use a pre-made option 

Now that you know whether your website needs a cookie banner or not, it’s time to decide the best way to add one.  

Manually programming a cookie banner 

It is possible to develop a banner yourself using HTML, CSS and JavaScript. This solution might seem cheaper and easier at first glance seems inexpensive, but it has some challenges.  

One major issue is that data protection laws change and get updated. If you program a banner yourself, it likely won’t remain legally compliant in the long term. 

Another is that the developers of the cookie banner must ensure that the banner actually blocks all cookies until consent is given. Faulty implementations can lead to warnings from whatever data protection authority applies to you. 

Plugins and tools for Content Management Systems (CMS)  

If you use WordPress, Joomla or another CMS, you can use special cookie banner plugins. There are both free and paid solutions that can be easily integrated into a website.  

Complete cookie management solutions such as Termly  

If you don’t want to deal with technology and legal details, you can rely on solutions like Termly. Termly offers an automatic, GDPR-compliant cookie banner that is easy to insert into any website. The big advantage: Automatic updates, legally compliant templates and easy setup – without any technical knowledge. 

Setting up a cookie banner is technically and legally complex. If you don’t want to constantly deal with data protection regulations, new laws and manual maintenance, you should rely on a professional solution that is legally compliant, reliable and maintenance-free. With a professional cookie consent tool like Termly, you are in a much better place to prevent issues and fines.  

Cookie banners: Why a professional solution makes sense 

A professional cookie banner solution relieves website operators of this work and ensures legally compliant and maintenance-free implementation.  

Termly is the easy solution for cookie management 

With Termly, you get an automatic, GDPR-compliant cookie banner that is easy to integrate into any website. The tool scans your website, detects all cookies and ensures transparent management of your users’ consents.  

How Termly works: 

1. Website scan: Termly analyses your website and identifies privacy gaps or missing compliance elements. You will receive an overview of what needs to be adapted or added. 

2. Create and customise policies: Based on a few simple questions about your business, Termly generates legally compliant privacy policies and cookie banners. These can be individually adapted. 

3. Publish and embed: Once you’re satisfied, you can easily add the created guidelines to your website, either by embedding them or via a link so that they are accessible to visitors at any time. 

Advantages of Termly: 

• Automatic updates: Always up to date with data protection laws – without manual effort. 

• Legally compliant templates: GDPR and ePrivacy compliant, including ready-made cookie guidelines. 

• Easy integration: No coding effort – Termly can be integrated directly into your website. 

• Easy to use: Clear, understandable consent options for your visitors. 

• Customisable: Colors, text, and buttons (including CTAs) can be customised to match your design. 

Legally compliant cookies – simple and stress-free 

Instead of dealing with complicated privacy regulations and technical details, Termly allows you to easily embed a professional cookie banner on your website that is secure, up-to-date, and maintenance-free. 

Security and compliance made easy with Termly 

A legally compliant cookie banner is essential for many websites to comply with data protection regulations such as the GDPR. Instead of dealing with complicated technical details and legal risks, it is worthwhile to rely on a maintenance-free, GDPR-compliant solution. 

With a professional cookie consent solution, you can ensure that your website remains legally compliant – without any additional effort. Use Termly to quickly and easily integrate a cookie banner and transparently inform your visitors about data usage.