Which point is breached most often?

Prior blocking: many sites show the banner but load Analytics or pixels before the user accepts. It's the most common and most penalized mistake.

Do I have to allow rejecting cookies?

Yes. Rejecting must be as easy as accepting. A banner with only «Accept» doesn't comply.

How often should I review cookies?

Whenever you add plugins, embeds or marketing tools, and at least periodically. Cookies change often without you noticing.

Cookie compliance checklist (GDPR)

Go through it point by point to see if your site complies. If you tick everything, you're on track; if something fails, you know exactly what to fix.

1. Before asking for consent

You've identified all non-essential cookies and scripts.
No non-essential cookie loads before consent.
You have Google Consent Mode v2 on «denied» by default.

2. The banner

«Accept» and «Reject» are at the same level and equally easy.
Users can choose by category (analytics, marketing, preferences).
There are no pre-ticked boxes or cookie walls.
Consent can be withdrawn or changed at any time.

3. Information and policy

You have a clear, up-to-date cookie policy.
The policy is linked from the banner.
You disclose purposes, providers and cookie duration.

4. Proof and maintenance

You keep a record of consents as proof.
You review cookies periodically (new plugins, embeds, pixels).
You re-request consent if the purposes change.

Consentio covers the full checklist with a lightweight snippet: real prior blocking, a banner with reject, Consent Mode v2, policy and consent logging.

This guide is informational and does not constitute legal advice.