Some cookies are strictly necessary in order to make your website work correctly. Under the EU Cookie Directive you can set this type of cookie without the user’s prior consent. If your website is serving individuals from the EU and you – or embedded third party services like Google or Facebook – are processing any kind of personal data, you need to obtain prior consent from the visitor.
You must also make it possible for the visitor to change or withdraw consent. Non-compliant organisations risk heavy fines of up to €20 million, or 4% of the organization’s global yearly turnover, whichever is higher.