Go-live checklist
Go through this before your banner goes live. Each item links to the page that explains it.
- The first thing people see says what data you collect and why.
- It says who you are, and — if you share data with other companies — how many.
- People can say yes to some purposes and no to others, separately.
- No boxes or toggles are switched on by default — on any screen.
- “Accept” and “Refuse” are on the same screen and look equally prominent.
- Refusing is as easy as accepting — same number of clicks, just as easy to spot.
- Buttons use plain words like “Accept” and “Refuse”.
- Before choosing, people are told they can change their mind later, and how — and that option stays reachable at any time, not just in the banner.
- Tracking and advertising cookies only load after someone clicks accept — never before.
- For low-risk cookies you run without asking (security, shopping cart, basic stats): you’ve written down why that’s fair, and people can easily object.
- If you use a cookie-banner tool, you’ve checked its default settings actually meet everything above.
References
Section titled “References”- Dutch DPA — Heldere cookiebanners (source, updated 09 Oct 2025)
- GDPR (AVG) art. 4(11) · art. 7 · Telecommunicatiewet art. 11.7a
- EDPB — guidelines on consent; Cookie Banner Taskforce outcomes