Yes — under PECR and UK GDPR, a Cookie Policy is required separately from your Privacy Policy. Here's why and what it needs to cover.
Many businesses include a brief mention of cookies in their Privacy Policy and assume that's sufficient. It's not. Under the Privacy and Electronic Communications Regulations (PECR) and UK GDPR, you need a separate, dedicated Cookie Policy.
Your Privacy Policy covers all personal data processing. Your Cookie Policy specifically covers the tracking technologies you use on your website. The ICO guidance makes clear that cookie information should be clear, prominent and accessible — not buried in a general Privacy Policy.
Loading interactive view…