
🇬🇧 United Kingdom

Cookie consent in the United Kingdom

Consent and privacy law in the United Kingdom

In short
After Brexit the UK retained the GDPR as the UK GDPR alongside the Data Protection Act 2018, enforced by the ICO. Cookie consent specifically falls under PECR, the Privacy and Electronic Communications Regulations, which require prior consent for non-essential cookies. The maximum fine under the UK GDPR is 17.5 million pounds or 4 percent of global turnover. The ICO has signalled a stronger focus on cookie banners that make rejecting harder than accepting and wrote to major websites about this. UK reform legislation has been adjusting the regime, but the core opt-in requirement for non-essential cookies remains under PECR.
Status

UK GDPR and Data Protection Act 2018 since Brexit, with PECR for cookies

Primary law
UK GDPR
Languages

en

Who must comply

Organizations established in the UK, or targeting or monitoring people in the UK.

Penalties

Up to 17.5 million pounds or 4 percent of global annual turnover, whichever is higher

Key obligations

  • PECR-compliant prior consent for cookies
  • Clear, granular choices
  • Demonstrable consent records
  • Easy withdrawal
  • Data subject rights handling

Local guidance

  • Apply the UK GDPR and the Data Protection Act 2018
  • Use PECR for cookie consent, requiring opt-in for non-essential cookies
  • Give Reject equal prominence to Accept, as the ICO expects
  • Watch UK data protection reform for ongoing changes

How ConsentX helps

  • PECR-ready prior blocking
  • Granular per-category consent
  • Audit-ready evidence trail
  • DSAR intake and SLA timers

This page is a plain-English summary for general information and is not legal advice. Confirm your obligations with qualified local counsel.

How to comply in the United Kingdom using ConsentX

  1. Scan your website

    Run a free scan to find every cookie and tracker on your site, so you know exactly what needs consent in the United Kingdom.

  2. Show a geo-aware consent banner

    Add the ConsentX banner. It detects each visitor's region and automatically shows the consent experience that the United Kingdom requires.

  3. Block trackers until consent

    Keep non-essential cookies and trackers blocked until the visitor agrees, so nothing fires before consent.

  4. Record tamper-evident proof

    Every choice is stored as a tamper-evident consent receipt you can produce in a United Kingdom audit.

  5. Handle data requests on time

    Use the built-in DSAR workflow with SLA timers to answer access, deletion and opt-out requests within the legal deadline.

Frequently asked questions

Does the GDPR still apply in the UK after Brexit?

Yes. The UK retained the regulation as the UK GDPR alongside the Data Protection Act 2018. Cookies are governed by PECR, which requires consent for non-essential cookies.

What is PECR?

PECR stands for the Privacy and Electronic Communications Regulations. It governs cookies and electronic marketing in the UK and requires prior consent for non-essential cookies and trackers.

What are the maximum UK GDPR fines?

The maximum fine under the UK GDPR is 17.5 million pounds or 4 percent of global annual turnover, whichever is higher.