Cookies are small files which are stored on a user's computer. They are designed to hold a modest amount of data specific to a particular client and website and can be accessed either by the web server or the client computer. This allows the server to deliver a page tailored to a particular user, or the page itself can contain some script which is aware of the data in the cookie and so is able to carry information from one visit to the website (or related site) to the next.
There is a lot of concern about privacy and security on the internet. Cookies do not in themselves present a threat to privacy since they can only be used to store information that the user has volunteered or that the web server already has. Whilst it is possible that this information could be made available to specific third-party websites, this is no worse than storing it in a central database.
Not all cookies are used in a way that could identify users, but the majority are and will be subject to the GDPR. This includes cookies for analytics, advertising and functional services, such as surveys and chat tools.
To become compliant, organisations will need to either stop collecting the offending cookies or find a lawful ground to collect and process that data.
Implied consent is no longer sufficient. Consent must be given through a clear affirmative action, such as clicking an opt-in box or choosing settings or preferences on a settings menu. It must be as easy to withdraw consent as it is to give it and sites will need to provide an opt-out option.
In your admin panel, within the left-hand sidebar under Tools, you will find 2 new options - Erase and Export Personal Data. These options are fairly self-explanatory - using the erase data option will delete all data for a selected user on your website. Order details and any other personal information pertaining to that user will be removed permanently. Likewise using the export option will give you the ability to transfer that same data for a user to another location.