What the current cookie chaos means for UK businesses


Those who follow data protection developments cannot fail to have noticed that the UK rhetoric regarding current data protection law – such as the GDPR – has become somewhat derogatory over the past few months. This comes hot on the heels of the European Parliament’s remonstrations that the UK has been remiss in its own implementation of the GDPR – as demonstrated by the recent vote in favour of a resolution that calls for an action plan to address these deficiencies.

The latest controversy comes in the form of a potential reform of cookie law.

In August, former Culture Secretary Oliver Dowden gave a press interview in which he made it clear that he didn’t think much of current cookie law, which he described as “pointless” and promised to radically overhaul, to ensure that it is “based on common sense, not box-ticking.” This represents yet another potential departure from the UK GDPR, which came into effect as part of Brexit and which is currently an almost exact replica of the EU GDPR.

This was followed in September by a plea by the head of the ICO – Elizabeth Denham – to G7 countries to work together to overhaul cookie consent pop-ups, “so people’s privacy is more meaningfully protected, and businesses can provide a better web browsing experience”.

The ICO has presented a vision for the future, where web browsers, software applications and device settings allow people to set lasting privacy preferences of their choosing, rather than expressing a preference each time they visit a website. This, it is claimed, will:

  • Ensure people’s privacy preferences are respected
  • Minimise the use of personal data
  • Improve users’ browsing experience and
  • Remove barriers to businesses.

The ICO says this approach is already technologically possible and compliant with data protection law, and is encouraging international collaboration.

Whether the G7 will unite and take action remains to be seen, but the likelihood of the EU relaxing its views and agreeing to work with other countries – not necessarily just the UK – on a common and less cumbersome approach to data protection law seems slim.

What does this mean for UK companies? For the time being, it’s business as usual when it comes to ensuring that you are fully compliant with cookie law. If you need a refresher, you can find our handy guide to cookie compliance here. We should expect changes to cookie law and other data protection regulations over the coming months and years, and for those organisations with multiple legal entities in different countries these changes may be complex and resource-intensive to implement.

As ever, organisations with a qualified expert in data protection law on hand will be best equipped to deal with these changes with minimum disruption to business operations and the customer experience.

You can find out more about our virtual DPO service here.

Written by Robert Wassall
Robert Wassall is a solicitor, expert in data protection law and practice, and a Data Protection Officer. As Head of Legal Services at NormCyber, Robert heads up its Data Protection as a Service (DPaaS) solution and advises organisations across a variety of industries. Robert and his team support them in all matters relating to data protection and its role in fostering trusted, sustainable relationships with their clients, partners and stakeholders.
