What is a correct Cookie banner and GDPR?

We all know them by now: the cookie banners and cookie popups on many websites. With this we indicate whether we agree that our surfing behavior is tracked or rather not. Few people lose sleep over it and permission is usually given to get rid of it quickly. Yet today they are a necessary evil.

In the digital age, data protection and privacy are more important than ever. Belgian companies must be aware of the need to comply with the General Data Protection Regulation (GDPR) and to implement a correct privacy and cookie policy. Unfortunately, we come across websites every day that do not comply with the rules. Unfortunately, the lack of a cookie banner, or a cookie banner that simply doesn’t work and blocks cookies when refused, is commonplace.

In this article we discuss the importance of GDPR, privacy and cookie policy and give you an overview of the common mistakes and how to avoid them. The aim is to raise awareness among Belgian entrepreneurs and to offer assistance in complying with the legislation, thus avoiding fines and reputational damage.

GDPR: what is it and why is it important for Belgian companies?

The GDPR (General Data Protection Regulation) is a European law that regulates the protection of personal data of EU citizens. It has been in force since May 2018 and imposes strict rules on companies and organizations that process EU citizens’ data. GDPR is critical to ensuring consumer privacy and holding companies accountable for how they handle personal data. Belgian companies that do not comply with the GDPR regulations can face high GDPR fines and reputational damage. The sanctions for companies that are too lax with your data are considerable. The fines can amount to twenty million euros or four percent of the global annual turnover.

You may think that the chance is small that your company or SME will come into the crosshairs of the Data Protection Authority. On this website, however, we found many statements, especially regarding the implementation of cookies and the accompanying cookie banner, where Belgian companies have burned themselves with the legislation. Fines of € 5,000 to € 50,000 have been imposed here.

Privacy Policy: protection of personal data

A privacy policy is a document in which companies explain how they collect, use, store and share personal data. It is a legal requirement under the GDPR and helps build trust between businesses and consumers. You publish this policy on your website so that visitors know how you or your company deal with their privacy and data.

The most important parts of a privacy policy are the identity of the controller, the purposes of the data processing, the legal basis, the recipients of the data, the retention period and the consumer rights under the GDPR.

Consumer rights under the GDPR

The GDPR provides a series of rights for consumers with regard to their personal data:

  1. Right of access: Consumers have the right to know what data a company holds about them.
  2. Right to rectification: Consumers have the right to have incorrect data corrected.
  3. Right to be forgotten: Consumers have the right to request that their data be deleted.
  4. Right to restriction of processing: Consumers have the right to restrict the processing of their data in certain situations.
  5. Right to data portability: Consumers have the right to receive their data in a structured, commonly used and machine-readable format.
  6. Right to object: Consumers have the right to object to the processing of their data for direct marketing or other purposes.

It is important, and mandatory, to inform visitors to your website about their rights. Every company processes personal data differently. That is why you must inform your visitors about what you do with their data and how you protect them. This information is incorporated into a privacy policy. After that, of course, it is also the intention that you do what you promise.

Cookies and their role on websites
What are Cookies?

Cookies are small text files that websites store on a visitor’s device. They help remember preferences, track user behavior, and improve the overall user experience.

Types of cookies

There are different types of cookies, including:

  • Functional cookies: These cookies are essential for the basic functionality of a website.
  • Analytical cookies: These cookies collect information about how visitors use a website, such as pages visited and length of visit.
  • Advertising cookies: These cookies are used to display advertisements that are relevant to the visitor.
  • Social media cookies: These cookies enable users to share content from the website on social media platforms.

Purposes of cookies

Cookies have various purposes, such as improving the user experience, collecting statistics about website use and offering personalized advertisements.

Cookie banners: necessary and informative
What is a cookie banner?

A cookie banner is a notice that appears on a website to inform visitors about the use of cookies and to give them the opportunity to consent to their cookie. According to the GDPR, websites must inform visitors about the use of cookies and obtain their consent before placing non-essential cookies.

Best practices voor cookiebanners

Some cookie banner best practices include:

  • Be clear and transparent about the use of cookies.
  • Offer visitors the opportunity to adjust their cookie preferences.
  • Make sure that the cookie banner is not intrusive and does not interfere with the use of the website.
  • Only collect consent for non-essential cookies.
  • Respect visitors’ choices and save their preferences for future visits.
  • And most importantly: Make sure the cookie banner also works. We see a lot of websites where when the cookies are refused, they simply remain. It is also prohibited to place cookies before the user has made his choice.

Common mistakes when using a cookie banner

Here are some common mistakes when using a cookie banner:

  • Do not have a cookie banner, but (non-essential) cookies are indeed used.
  • A cookie banner does not work properly or is unclear, so that visitors are not properly informed.
  • Not offering an option to decline non-essential cookies.
  • Automatically assume consent without explicit consent from the visitor.
  • Ultimately, the choices are not respected: the visitors refuse cookies, but they are still used.

The two most common cases we encounter in Belgian SMEs are:

  • There is a privacy policy on the site, but this is only a partially completed template. Completing a privacy policy is often something that website builders wait until the end, so it is often forgotten, or there is no budget left to draw it up adequately.
  • Many sites already have a cookie banner, via a free plugin everything seems to be fine. But if you dig a little deeper, not all cookies appear to be included in the preferences, or your preferences (in case of refusal) do not work. This is more common than you think, because the average visitor does not dig into the technical side of the website to check whether his / her choices are being respected.

Stormlabs: your partner for GDPR, privacy and cookie policy
Our services

Stormlabs offers comprehensive services to help your company comply with the GDPR, implement an effective privacy policy and develop a correct cookie banner. We make sure that your company meets the legal requirements and that you maintain the trust of your customers. In addition, we offer total solutions to provide you with a high-quality and high-performance website.

Let Stormlabs get your GDPR and cookie policy in order

Contact Stormlabs today to discuss how we can help your company comply with the GDPR and implement an appropriate privacy and cookie policy. Avoid fines and protect your customers’ privacy with Stormlabs’ expertise.


Compliance with the GDPR, implementing a clear privacy policy and the correct use of cookies are essential for Belgian companies that want to maintain customer trust and avoid fines. And this will only become more important in the future. By following best practices and avoiding common mistakes, you can ensure your business is compliant with regulatory requirements. Stormlabs is ready to help you navigate these complex regulations and create a compliant and user-friendly online environment for your customers.