Overview
This article helps you understand and manage cookie compliance on your Access Volcanic careers site. You'll learn what cookies are present, how to configure appropriate consent controls, and when you may need a third-party Consent Management Platform (CMP). This guidance is designed for site administrators responsible for ensuring your site aligns with GDPR cookie consent requirements, particularly when using third-party tracking tools like Google Analytics.
Key benefits
Identify cookies present on your site through scanning tools.
Configure appropriate consent controls based on your cookie usage.
Meet GDPR cookie consent requirements for your careers site.
Choose and implement suitable third-party cookie solutions when needed.
Support Google Consent Mode Version 2 (V2) for advertising and marketing services.
Maintain compliant cookie documentation and declarations.
Before you start
Before managing cookie compliance, make sure you have:
Admin access to your Access Volcanic website.
Knowledge of third-party tools installed on your site, including specific tools like Google Analytics, Facebook Pixel, Google Ads, LinkedIn Insight Tag, or Hotjar.
Access to cookie scanning tools to identify cookies present on your site.
β οΈ Important: Access Volcanic is not authorised to provide legal or compliance advice. Seek formal guidance from your organisation's legal or compliance teams or a qualified third party.
π Note: GDPR may apply even if your organisation is not based in the EU. If your website is accessible to users in the EU, GDPR requirements may still apply.
Cookies on your site
Your Access Volcanic site includes platform cookies added by Access Volcanic and may include additional cookies from third-party tools you have installed.
Types of cookies
Your site can include:
Platform cookies added by Access Volcanic for core functionality.
Third-party cookies from tools including Google Analytics.
To remain compliant, your cookie solution must notify users about cookies being used and capture appropriate consent based on which cookies are present.
Volcanic platform cookie
All Volcanic websites include at least one necessary platform cookie. In cookie scans, this often appears as Host-_krakatoa_session.
This session cookie helps the website remember user actions such as whether a user is logged in. It supports core website functionality and provides a smoother user experience.
π Note: The Krakatoa session cookie is necessary for functionality and should be categorised as a necessary cookie in your cookie solution.
Identifying cookies through scanning
Use a cookie scanning tool to identify cookies on your site. Cookie scanning tools analyse your website and generate reports showing all active cookies. For example, you can use CookieYes' free website scanning tool.
Run a cookie scan on your live site using your preferred scanning tool. This generates a report showing all cookies detected during the scan.
Download or open the scan report when the scan completes.
Review the report to confirm each cookie's name, domain, duration, and type. Pay particular attention to cookies you don't recognise.
Compare the scan results against your cookie solution to confirm all cookies are listed and correctly categorised. Update your configuration if you find missing or miscategorised cookies.
π Note: Use your scan results to confirm both which cookies are present and whether they are correctly classified in your cookie management solution.
Cookie pop-ups and consent requirements
A cookie pop-up informs users that cookies are in use and allows users to provide consent where required under GDPR.
The type of cookie pop-up you need depends on the cookies present on your site.
Here's a decision framework to help you choose:
Your situation | Recommended approach |
You only use Volcanic platform cookies | The Volcanic built-in cookie pop-up may be sufficient |
You use Google Analytics, Google Ads, or Facebook Pixel | A third-party CMP with granular consent controls is typically required |
You need category-based consent (analytics, marketing, necessary) | A third-party CMP is required |
You use Google Ads or similar advertising services | A third-party CMP supporting Consent Mode V2 is typically required |
β οΈ Important: The Volcanic built-in cookie pop-up is designed for platform cookies only. If your site uses Google Analytics, Google Ads, Facebook Pixel, or similar third-party tracking tools, implementing a third-party CMP with appropriate consent controls is typically necessary to meet GDPR requirements.
Customising the Volcanic cookie message
If you are using Volcanic's built-in cookie pop-up and only have platform cookies, you can update the message shown to users in Theme Content. This controls the text users see when the cookie notice appears.
In Theme Content, scroll to Miscellaneous or use Find by reference and search for cookie. This helps you quickly locate the cookie message field.
Find cookie_policy_msj in the list. This is the field that stores your cookie pop-up text.
Click the text next to cookie_policy_msj and enter your updated cookie message. Keep the message clear and appropriate for your cookie usage.
Click the blue tick to save your changes.
Refresh your site in a new browser window or incognito session to confirm the updated message appears correctly.
π Note: Volcanic's built-in cookie pop-up is designed to cover Volcanic platform cookies and is usually added when your site is first set up.
Testing your current cookie pop-up
Before making any changes, confirm what users see when they visit your site. This helps you understand your starting point and plan appropriate changes.
Test what users see
Clear your browser's cache and cookies and reload your site, or open a new incognito or private browsing window and visit your site. This ensures you see the pop-up as a first-time visitor would.
Wait for the page to load and check whether a cookie pop-up appears.
Note what type of pop-up you see:
No cookie pop-up at all.
A simple banner with a single option such as Got it or Accept.
A more advanced pop-up with options to accept, reject, or set preferences by category.
What your results mean
If you do not see any cookie pop-up or see only a simple banner with a single option, and your site uses third-party tracking tools such as Google Analytics, Facebook Pixel, or Google Ads, you should consider implementing a suitable third-party cookie solution.
Determining when a third-party CMP is needed
A third-party CMP provides more advanced cookie consent controls than the Volcanic built-in pop-up. Consider using a third-party CMP when any of the following situations apply:
You have installed Google Analytics, Adobe Analytics, or similar analytics tools that track user behaviour.
You use Google Ads, Facebook Pixel, LinkedIn Insight Tag, Yell PPC, or other advertising and marketing pixels.
You want a more advanced consent experience including category toggles, deny options, or detailed preference controls.
You need to support Google Consent Mode Version 2 (V2) for Google advertising services.
Your organisation's legal or compliance team advises that granular consent controls are required.
At a minimum, a suitable third-party CMP should allow users to opt in or opt out of cookies where required and deny specific categories of cookies such as analytics or marketing cookies.
π Note: When you add new third-party tools in future, review whether they add additional cookies and confirm that your CMP supports them appropriately.
Google Analytics and Consent Mode V2
Google Analytics and GDPR requirements
Google Analytics is a third-party tool that tracks and gathers information about users visiting your website. Because of the nature of this tracking, GDPR introduces specific requirements when you use Google Analytics or similar tools.
β οΈ Important: The Volcanic built-in cookie pop-up is designed for platform cookies only. If Google Analytics, Facebook Pixel, or similar tracking tools are installed on your site, implementing a third-party CMP that can control these cookies appropriately is typically necessary to meet GDPR cookie consent requirements.
Google Consent Mode Version 2
Google's Consent Mode Version 2 (V2) helps align tracking and advertising services with European privacy requirements by communicating user consent choices to Google services.
This becomes particularly important if you use services such as Google Ads, Yell PPC, or similar advertising or marketing services. In these cases, selecting a CMP that explicitly supports Consent Mode V2 is typically recommended.
β οΈ Important: If Consent Mode V2 support is required for your advertising services and is not properly configured, your site may be flagged as non-compliant and your ads may be disapproved.
Enabling Consent Mode V2
How you enable Consent Mode V2 depends on your CMP provider and your implementation method. Configuration typically involves these steps:
Review your CMP provider's documentation for their specific Consent Mode V2 setup instructions. This ensures you follow the correct process for your chosen provider.
Enable Consent Mode V2 in your CMP provider's settings or dashboard. This activates the feature within your CMP account.
Add any required code snippets to:
Page Tags (scripts that run across your entire website) in your admin area..
Or implement them in Google Tag Manager (GTM) if you use GTM for managing tracking codes.
Test your site to confirm that consent choices are correctly passed to Google Analytics, Google Ads, and other Google services. Use your browser's developer tools or your CMP's testing features to verify the setup.
π Note: Always follow your provider's installation and configuration instructions carefully, as each CMP may use a slightly different setup process.
Selecting a third-party CMP
There are many reasons to adopt a third-party CMP, including using Google Analytics or needing more advanced cookie controls and reporting capabilities.
Google's CMP partner list
Google maintains a list of Consent Management Platform (CMP) Partners on their website. This list can be a useful starting point when researching CMP providers that work well with Google services including Google Analytics and Google Ads.
Common CMP providers
CMP providers commonly used by Volcanic customers include:
Provider | Key features |
Enterprise-grade solution with comprehensive features and global compliance support | |
User-friendly interface with strong privacy-by-design focus | |
Automatic cookie scanning and categorisation with Consent Mode V2 support | |
Affordable option with Consent Mode V2 support and scanning features |
π Note: These examples may help your initial research. You should research and choose the provider that best meets your organisation's legal, compliance, and technical requirements. Your legal or compliance team may have specific recommendations.
Implementing a third-party CMP on your site
Once you choose a CMP provider, they will give you one or more scripts to add to your website and implementation instructions, which may include options for Consent Mode V2 and Google Tag Manager.
Adding CMP scripts using Page Tags or Google Tag Manager
Review your CMP provider's documentation: Identify the main scripts that must run on every page. These scripts typically control the cookie pop-up display and track user consent choices.
Add the scripts via Page Tags or Google Tag Manager:
Page tags: Add the CMP scripts exactly as instructed by your provider to Page Tags to apply across your entire website.
Google Tag Manager: Add the CMP-related code or data layer changes in Google Tag Manager (GTM), as per the provider's GTM-specific instructions.
Save your changes: Save or submit changes and test your site in an incognito or private browsing window to confirm the new cookie pop-up appears and behaves as expected.
Check that consent choices: Try accepting or rejecting analytics or marketing cookies are correctly affecting the loading of tracking scripts. For example, if a user rejects analytics cookies, Google Analytics should not load.
π€ Tip: In most cases, Page Tags are recommended for scripts that must run across the whole site, while Google Tag Manager (GTM) is used if your tracking approach is already GTM-based.
Removing the Volcanic built-in cookie pop-up
If you still have the Volcanic built-in cookie pop-up active and you want to replace it fully with your new CMP:
Confirm that your third-party CMP cookie pop-up is installed and working correctly.
Use the Access Digital Assistant to contact the Support team.
Request the removal of the built-in Volcanic cookie pop-up and include details of your site.
Once Support confirms the change, retest your site in incognito or private browsing to ensure that only your third-party CMP pop-up is displayed.
Maintaining compliant cookie documentation
After your cookie pop-up is live, you should maintain your documentation and regularly review cookies used on your site. Ongoing maintenance ensures continued compliance as your site evolves.
Reviewing and maintaining legal documents
Review your cookie policy and other legal documents to ensure they accurately describe the types of cookies you use, the purposes of those cookies, and how users can change or withdraw consent.
Update your documents whenever you add or remove third-party tools such as Google Analytics or Facebook Pixel, change your CMP provider or settings, or change your cookie categories or naming conventions.
Scanning and reviewing cookies regularly
Run regular cookie scans using tools such as CookieYes' website scanning tool to identify any changes in cookies. New tools may add unexpected cookies.
Compare scan results against your CMP configuration and confirm that all cookies are listed and cookie categories such as necessary, analytics, and marketing are correct.
Update your CMP configuration where needed so that all cookies are correctly classified and covered by your consent controls.
Adding a cookie declaration to your site
Many CMP providers offer a cookie declaration feature that lists the cookies detected on your site and their details. This provides transparency to users.
In your CMP, generate or copy the cookie declaration embed code from your provider's dashboard.
View the page as a user to ensure the cookie declaration appears and is readable.
Best practices
Scan your site for cookies whenever you add or remove analytics, advertising, or tracking tools to keep your CMP configuration accurate and up to date.
Review your cookie policy and other legal documents regularly to ensure they match the cookies and consent controls currently in use on your site.
Test your cookie pop-up and consent flows in an incognito or private browsing session after each change to confirm consent is captured and enforced correctly.
Consider the Volcanic built-in cookie pop-up as appropriate primarily for platform cookies, and plan to implement a third-party CMP when you introduce third-party tracking tools.
Keep a record of the CMP provider, version, and key configuration decisions so you can demonstrate your approach to cookie compliance if required.
π Note: Regular maintenance and testing help ensure your cookie compliance approach remains effective as your site and tools evolve.
FAQs
Q1: Can I use the Volcanic built-in cookie pop-up if I have Google Analytics installed?
Answer: The Volcanic built-in cookie pop-up is designed for platform cookies only. If you have Google Analytics, Google Ads, Facebook Pixel, or similar third-party tracking tools installed, implementing a third-party CMP is typically recommended to meet GDPR cookie consent requirements.
Q2: Do I need a CMP that supports Google Consent Mode V2?
Answer: If you use services such as Google Ads, Yell PPC, or similar advertising and marketing tools, selecting a CMP that supports Consent Mode Version 2 (V2) is typically recommended to maintain compliance and avoid ads being disapproved.
Q3: Does Volcanic provide legal or GDPR compliance advice?
Answer: No, Access Volcanic is not authorised to provide legal or compliance advice. You should seek formal guidance from your internal legal or compliance teams or a qualified external adviser for specific compliance questions.
Q4: Does GDPR apply if my organisation is not based in the EU?
Answer: Yes, GDPR may still apply if your website is accessible to users in the EU, even if your organisation is based outside the EU. Consult your legal or compliance team to confirm your obligations.
Q5: Can Volcanic Support help with my third-party CMP configuration?
Answer: Volcanic Support will always try to help where possible. However, they cannot provide full support for third-party cookie software configuration. Your CMP provider should be your main source of product-specific support and guidance.