CMP Step by Step: From Tool Selection to Implementation

In our previous article, we provided an overview of the Consent Management Platform (CMP), highlighting the offered business benefits. However, it is necessary to realise that implementing a CMP requires careful consideration since it goes beyond understanding the relevant data protection regulations. Companies opting for a CMP implementation should consider several crucial factors, which we will delve into in this article. Continue reading to discover effective approaches to CMP implementation and explore examples of tools available in the market.

Implementing a Consent Management Platform

Implementing a Consent Management Platform is essential for maintaining compliance with privacy regulations. With a CMP in place, the company can ensure that only necessary cookies are enabled by default while activating others requires explicit user consent. Here are the essential steps organisations should take to implement a CMP properly:

Identification of Legal Requirements and Assessment of the Current State

To begin with, it is crucial to consider the size of the target market where our services are provided or intended to be provided. Each region we target requires us to align with the relevant legal framework.

Once the target locations have been identified, it is necessary to assess the current website state. This assessment involves analysing the behaviour of both external provider cookies and first-party cookies, which will be documented for further reference. Close collaboration with the Data Protection Officer ensures a reliable foundation for subsequent steps.

Selecting the Right CMP to Meet the Organisation’s Requirements

Whether you are developing a CMP solution within your CMS platform or considering an external provider, it is essential to align your organisational requirements with the assessment findings of the current service. When you compare different tools, consider not just their functionality but also whether they comply with the regulations of the target location. Please remember that a consent management platform needs to comply with the regulations of the region where users are located, rather than the company location. This rule applies to both global brands and local businesses.

Identification of Suppliers & Cookies and Their Categorisation

Please note that the solutions implemented on the website, such as plug-ins or scripts, serve different purposes and are subject to varying degrees of data privacy regulations. Some are essential for the website’s operation and cannot be blocked, while others enhance the browsing and user experience. Additionally, some solutions are used to track user behaviour and share information with external providers.CMP tools facilitate the pre-classification of service providers on the website, allowing for optimised settings and cookie classification. Once the Cookie Banner is triggered, visitors can decide which cookies or categories of cookies they want to block or permit while browsing the website.

Configuring and Implementing CMP on a Website or Application: Testing and Verifying CMP Functionality

The CMP tool setup process involves three main steps:

1. Entering data into the administration panel, including supplier information, cookie classifications, and descriptions. While the CMP automates this process, manual adjustments can be made as needed throughout the classification process.
2. Customising the visual aspect of the Cookie Banner to align with legal requirements and match the website’s visual design.
3. Defining cookie rules in the page source and Tag Manager (e.g., GTM) to ensure dynamic adaptation based on user consent.

The next step involves conducting a comprehensive analysis of the implementation and evaluating the performance of different cookies. The introduced solutions must comply with the legal regulations defined in the initial implementation phase.

Pay close attention to avoiding the “Ghost Banner” phenomenon, where the Cookie Banner on the website may give the illusion of allowing user consent choices but fails to reflect that in practice, potentially resulting in unauthorised data collection and transfer.

Training Staff on CMP Tool Utilization

The final stage of the implementation process is conducting a post-implementation workshop to train employees on the implemented CMP solution and the operating principles of the service. Equipping employees with this knowledge enhances transparency in data privacy compliance, leading to increased brand loyalty among online users. By following these steps, you can leverage both internal and external tools to make data-driven business decisions and enhance the effectiveness of your marketing activities, gaining a significant competitive advantage.

Key Features and Functions for Effective Consent Management

When choosing a Consent Management Platform (CMP), it is worth considering specific functions necessary for your implementation. This is because not every organisation will need the full scope of capabilities available through third-party solutions. Some of the most significant CMP features include:

• Guidelines on the rules for collecting consent to launch cookies.
• A minimal, easy-to-use cookie consent system.
• Detection and classification of cookies.
• Collection of cookie consent from selected providers.
• Managing user preferences, including choices regarding marketing and analytical cookies.
• Deletion of user data when necessary.

In addition, external CMP solutions may offer the following benefits:

• Legal advice options.
• Full maintenance of the service.
• A free trial version or a tool that is free to use.

By exploring the range of functions offered by these tools, you can identify the elements most relevant to your organisation and proceed to the next step of choosing a specific solution.

Which CMP tool to choose?

We have described the CMP platforms we frequently implement for our clients, with a list of the offered features. However, determining the best solution is subjective and depends on your company’s specific needs. It is essential to make your assessment and choose a CMP tool based on your requirements.

OneTrust

OneTrust is software for privacy, security, and data management that helps small and large businesses monitor privacy levels effectively. By leveraging its capabilities, organisations can implement their business functions in compliance with global privacy regulations and standards.

This platform offers a range of features, including:

• Risk assessment
• Audit trail
• 3rd-party vendor management
• Incident management
• Compliance management

Cookiebot

Cookiebot is an online solution designed to help users comply with the cookie management guidelines set out in the General Data Protection Regulation (GDPR). The platform allows users to check whether the collection and use of cookies on their website are compliant with the GDPR and the ePrivacy Directive (ePR). Cookiebot enables organisations to tailor their CMP to meet the legal requirements in different countries and also provides integration with other tools such as Google Analytics and Facebook Pixel.

Cookiebot’s key features include:

• Step-by-step guided process
• Identification of sensitive data
• Data mapping
• Consent Management
• Incident management
• Policy management
• Multilingual support
• Interactive dashboard

CookieYes

CookieYes is a CMP solution that scans your website for cookies and automatically adds them to the list in the supplier management panel. It goes a step further by automatically blocking third-party cookies on your website before obtaining user consent, ensuring compliance with privacy regulations. With CookieYes, users can selectively enable or disable different cookie categories when giving consent.

Key features offered by CookieYes include:

• Identification of sensitive data
• Consent Management
• Incident management
• Policy management
• Multilingual support
• Interactive control panel

UserCentrics

Usercentrics is a CMP service that prioritises blocking third-party technologies on your website. These technologies are only activated for users who have given their consent through the CMP. One of its unique features is the ability for users to preview content, which encourages them to interact with the consent layer using a preview image.

Key features of Usercentrics include:

• Multi-user support
• Identification of sensitive data
• Data mapping
• Consent Management
• Incident management
• Policy management
• Support for multiple languages
• Interactive dashboard

What Do These Solutions Have in Common?

All the described tools have built-in mechanisms to trigger Google tags in Google Consent Mode. This allows for the activation of the following Google services:

• Google Analytics
• Google Ads
• Floodlight
• Conversion Linker

These tools also adjust their operation based on the user’s consent status. Please note the decision regarding whether cookies should be triggered in conditional consent mode or only after full user consent has been obtained depends on the business and legal department’s evaluation.

What is Conditional Activation of Google Tags in Consent Mode?

If you have reached this part of the article, you are likely familiar with the processes involved in collecting cookie consent. You may also be aware that running a Consent Management Platform (CMP) together with Consent Mode for Google tags is the most effective way to ensure a fully functional consent collection mechanism and analyse user behaviour data. This is particularly relevant when using Google’s web analytics and online activity tools.

Consent Mode informs Google about the user’s consent status regarding the use of cookies and application identifiers. Consequently, the behaviour of the Google tags can be adjusted based on the user’s choices. Whether you utilise a user consent management platform or a custom implementation like a cookie consent request banner, integrating a CMP with Consent Mode provides a comprehensive solution for managing user consent effectively.

When a user interacts with a cookie consent banner or widget and makes a selection, the consent mode feature comes into play. It dynamically adjusts the functioning of various Google services, such as Analytics or Ads, responsible for generating or reading cookies. If a user has not given consent, the tags associated with these services do not create cookies. Instead, they send signals, known as pings, to Google. If you are using Google Analytics 4, any missing data in the reports is supplemented by Google using conversion and behavioural modelling techniques.

Summary

As we navigate the evolving landscape of web analytics, user behaviour, advertising practices, and privacy regulations, it is evident that the era of cookies may be coming to an end. However, before we face the imminent “Cookiegeddon,” it is crucial to seize every opportunity to ensure the data we rely on for insights is accurate and reliable.

While implementing GA4 with a consent management platform and activating Google Consent Mode is a step in the right direction, it alone is not sufficient. There are challenges beyond legislative restrictions, as browsers are limiting the cookie lifespan more frequently. This poses difficulties in analysing the behaviour of returning users, among other things. One possible solution to this challenge is implementing server-side analytics, which provides greater control over cookies and bypasses browser-level limitations on their lifespan. In my upcoming posts, you will learn more about this approach as well as alternative options to Google Analytics.

FAQ

Contact Us