Now that under GDPR Cookies and Ip addresses come under PII, any advice from those who have implemented GDPR-related changes in their organization on the following:
Any comments on the above will be greatly appreciated.
Other than GDPR requirements, all businesses in the European Union (EU) must comply with the 2009 E-Privacy Directive (EU Cookie Directive).Obtain consent before sending information through cookies. This law requires websites to obtain consent from visitors to place cookies which store or retrieve information on a computer or other web connected device.
In January 2017, the European Commission published a draft ePrivacy Regulation as part of a process to replace the current ePrivacy Directive, aiming to consolidate member state implementation and align with the General Data Protection Regulation, which comes into force in May 2018. In its latest, the full plenary of the European Parliament has voted to move forward with the its version of ePrivacy Regulation and enter into negotiations with the EU Council and EU Commission on a final text of the legislation.
When implementing cookies in our deployments, we will need to watch this space in meeting all EU requirements.