From May, 26, 2012, websites need to obtain users' opt-in consent first if they want to install cookies that pass on information about browsing activities to third parties, or risk fines up to £500,000.
The regulation on the use of cookies derives from an amendment to the EU's Privacy and Electronic Communications Directive.
Although the EU directive came into force on May 26, 2011, the Information Commissioner's Office (ICO) gave UK businesses 12 months to "get their house in order".
But 95% of UK companies have yet to comply, according to a study by consultancy KPMG that analyzed the websites of 55 large businesses.
The clock is ticking, said Graham. "We gave industry a year's grace, but when that runs out we will certainly be responding to complaints about organisations that are not following the rules," he told Computer Weekly.
The ICO's concern, he said, will be with UK companies that cannot demonstrate they have thought about compliance, and that they are in the process of putting something in place to give consumers the right they have under the law to give their consent for cookies to be placed on their machines.
However, Graham said the ICO did not do enforcement for enforcement's sake and that UK companies can still take action ahead of the deadline.
The first step, after looking at the advice published on the ICO website, he said, would be to do an audit of all the cookies that a company's systems are placing on other people's computers.
"When the ICO comes to call, we will certainly expect businesses to know what their websites do, we will expect them to be clearing up and getting rid of all unnecessary cookies, and we will expect them to have a plan in place to become compliant," said Graham.
This story was first published by Computer Weekly