Cookies are governed by the Privacy and Electronic Communications Regulations (PECR) and, where personal data is involved, by the UK GDPR. The legal position has tightened over time: implied consent is generally insufficient for non-essential cookies, and the ICO has made it clear that cookie banners that nudge users towards 'accept all' without an equally prominent 'reject all' option are not compliant.

The cookie policy itself is one part of compliance. The banner mechanics on the site are equally important, and the two need to be consistent.

A cookie policy that lists cookies the site does not use, or that fails to list cookies the site does use, is unhelpful at best and a regulatory risk at worst. Accuracy is the basic requirement.

If your website uses cookies or tracking technologies, you are legally required to have a cookie policy that complies with UK GDPR and PECR. The policy explains to visitors what cookies your site uses, why, how long they last, and how to manage their preferences.

Example: a typical scope and fixed fee

For a UK website using a typical mix of essential, analytics, and marketing cookies, the typical scope looks like this.

What's included

  • A review of the cookies and tracking technologies on your website
  • Drafting of a cookie policy covering each cookie type, its purpose, duration, and how to manage preferences
  • One round of revisions based on your feedback
  • Final version ready to publish

What's outside this scope

  • Cookie banner implementation or technical setup
  • Privacy policy (see Privacy Policy)
  • Tax advice

Fixed fee: £195, no VAT.

How I will approach your matter

Once you have instructed me, I will review the cookies and tracking technologies on your website and draft a policy tailored to what your site uses. One round of revisions is included, and I will deliver a final version ready to publish.

To instruct me, or to talk through whether this is the right service for your matter, email geoffrey@caesar.co.uk. I aim to reply within 24 hours.