The ICO (https://ico.org.uk/) have recently clarified the use of cookies on websites in line with GDPR.
The basic message is that you have to tell people that you set cookies or not then if you do, clearly explain what they do and why. You also need to get the visitor’s consent to store cookies and this needs to be actively and clearly given.
This refers to the use of cookies which aren’t necessary and includes analytics, e.g. cookies used for Google Analytics.
Cookies which are necessary for the running of the site (including remembering a visitors cookie preferences) are fine to use, but you still need to tell a visitor about them.
You also need to have a clear privacy and cookie policy and a link to that needs to be easily accessible for visitors.
The best way to show the message and the link is via a “pop-up” or banner which appears when a visitor goes to a website for the first time.
If you have any questions about cookies, privacy policies or other aspects of technical running of a website, please do get in touch.