What does your 123 one say currently?
My understanding is that users have to be given the right to opt in from the moment they arrive at your page. So Google Analytics, for example, should be off until you agree - no cookies should be collected until someone agrees. But so many I see aren’t like that and generally work on the basis that, unless you say otherwise, cookies will be collected and indeed have already started to be, namely GA. Indeed some VA sites I’ve looked at have these “official” plug-ins coded for them, yet I’ve been able to dismiss the pop-up and so not agree, but not not agree either. When I later go back to it, it’s assumed I have agreed, and will continue to do so until I say otherwise. And I don’t think that’s GDPR compliant.
There’s a load of stuff on forums about how a lot of these plug-ins aren’t sophisticated enough for true GDPR compliance. It all sounds rather complicated to me and even after an hour call with my dad last night, who was a senior software developer, I don’t fully understand it.
Complications are added too when, as you say, the code and PP has to match. As mine has been drawn up for me, it then starts getting even more complicated.
The conclusion we came to is my dad, bless him, is going to write the code needed so GA is off until the user agrees. I don’t use any other cookies, so there’s no other issues otherwise. To me that sounds straightforward, but apparently it’s not as simple a simple code and a good bit of work to draw up.
It all seems a load of drama over nothing for the likes of work I/we do. I understand why different for other companies and industries.
Thanks for the detailed response! Much appreciated.