Irish companies face potential fines for non-compliance with GDPR

Dave McEvoy of Sligo based digital company, Dmac Media has warned businesses that they may not be compliant with the new guidance on cookie compliance.

A number of Irish start-ups and SME’s may not be compliant with the new rules surrounding GDPR, according to Dave McEvoy of Sligo based digital company Dmac Media.

In April this year, the Irish Data Protection Commission released updated guidance on cookie compliance for Irish websites.

Irish businesses were given six months to update their websites in line with this newly clarified advice on cookie management. From October 6th, 2020 Irish businesses could face financial penalties under the GDPR legislation for non-compliance.

A cookie is a small text file on a device used to store information. By placing a cookie on a website, it allows the website to have a memory of the users’ computer activity.

“The important thing for businesses to note is that they are not allowed to assume consent”

If a user clicks not to accept cookies some features of the website may not be available to them. However, when they click to accept, they may unwittingly be agreeing to share their information with a plethora of advertising platforms.

Since GDPR measures were introduced in May 2018, most website owners are aware that their website needed a cookie message, but the vast majority of these messages are not compliant with the law.

Where the majority of Irish companies fall down is in disclosing the way the cookies are used. For example, most people do not specifically agree to share their information to be used by advertising platforms, yet remarketing campaigns follow them from site to site online.

Discussing the issue, Dave McEvoy, director of Dmac Media said, “In short, cookies used for anything other than primary functionality have to have your permission to be placed on your device. Yes, website owners tell their customers about cookies, but they carried right on using the information incorrectly, nonetheless. This goes against both the spirit and the letter of the regulations.” 

Dave McEvoy says time is running out for businesses to update their websites

To become compliant, Irish companies must update their online cookie message. Websites should not set any cookies that require consent until after the user has expressed permission.

The website needs to allow the user to reject or accept the setting without promoting one option over the other and it must give the user the ability to manage their consent options. Website owners need to ensure that only those that have given consent are included in future marketing campaigns.

“The important thing for businesses to note is that they are not allowed to assume consent, nor are they allowed to sway the visitor to a yes rather than a no, when seeking permission. A simple permissions update will solve the issue, but companies need to be aware that the deadline is looming,” added Mr McEvoy.

With the deadline for compliance fast approaching, Dmac Media are strongly advising Irish companies to check that their cookie management is up to date to avoid facing hefty fines. For more information see

By Stephen Larkin

Published: 29 July, 2020