Updated: July 18, 2023
Published: March 3, 2023
No matter how thorough your evaluation process is, deciding on a given software solution can be like taking a leap of faith. There’s just no way to really know what it’ll be like until you actually get your hands on the solution and start implementing it.
Ostensibly sleek and modern solutions can, in reality, be a jumbled mess once you start putting them to work. And “jumbled mess” isn’t something you ever want to associate with your consent management platform (CMP). Software in this category is meant to keep you compliant with the law—and obeying the law shouldn’t be hard or complex.
Still, there are plenty of CMPs that are difficult to implement, leaving users frustrated with the time and cost and uncertain about their compliance. We’ve identified 5 red flags that businesses can look out for to avoid the CMPs that make compliance harder than it has to be.
Once you’ve purchased a solution, you shouldn’t have to pay more for the privilege of having it actually function.
There are numerous CMPs out there that are so complex that a small ecosystem of third-party vendors exists solely to implement them. This raises several questions that should have you scrutinizing the CMP vendor more thoroughly:
This sort of implementation work is part of the reason why third-party specialists exist. CMPs that require you to mess around directly with your website code or tag manager needlessly increase complexity. With this approach, you’ll need to carry out tasks like:
Considering that many businesses have dozens or hundreds of different data tracking scripts on their website, this work can become prohibitively tedious very quickly. Even businesses with full-time privacy professionals on staff are better served by having those privacy professionals work on internal compliance education, developing a well-designed privacy program, and delivering on other compliance requirements than spending all of their time fiddling with Google Tag Manager.
CMPs are meant to keep you in compliance with cookie consent laws—one would think that would include the consent banner requirements described by those laws. Many CMPs, however, are still leaving cookie banner design and management up to the end user.
While CMPs will often include template banners, they leave the actual implementation of those banners up to you. That means you need to understand the different requirements of the different jurisdictions in which your business operates, keep tabs on whether those requirements have changed, and evaluate whether your banner design is actually compliant.
For instance, many jurisdictions have prohibitions against the use of dark patterns (i.e., manipulative design practices) in consent banners. This can be as subtle as using a different color for the “reject cookies” button than the “accept cookies” button.
In an ideal world, your CMP will automatically deploy compliant banners based on jurisdiction, and they’ll own the process of updating those banners. Some CMPs even give you the ability to design and customize your banner but put guardrails in place so you don’t accidentally become noncompliant.
If somebody were to ask you how many data trackers are active on your website, would you be able to tell them immediately? Even the most privacy-savvy professional would struggle to do so. But they wouldn’t struggle with explaining why being able to find the answer quickly is important.
When you don’t know what’s collecting data on your website, what’s happening to that data after collection, and where it’s going, you can’t be in compliance with data privacy regulations. You also can’t pinpoint problematic vendors whose data trackers are collecting in excess, and you can’t be certain whether the rest of the organization is adding whatever they want to the website or whether they’re adhering to data privacy best practices.
Some CMPs fail to acknowledge this awareness gap and lack transparency into their data tracker scanning process. They may not alert you when new data trackers are discovered on the website, and they may only scan for data trackers once every few weeks or once a month, allowing potentially noncompliant data trackers to be introduced on the website in the interim.
Support should be baked into the price tag of your subscription. If it costs extra to get better support, or if support is billed on a usage basis, then the CMP vendor is incentivized to keep their product complex and to address problems with brittle solutions.
It also signals a lack of concern for you as a customer. Usage-based billing for support is a tactic to discourage excessive support requests—which is exactly what a company that sells a troublesome CMP might experience.
While there are some CMP vendors out there with unnecessarily challenging implementations, the technology in this space is getting better and better as regulations standardize and consumer needs are better understood. There is still a great deal of variety in CMPs, however, and the subscription price isn’t always commensurate with quality.
Armed with the red flags identified in this article, you’ll be in a good position to find a solution that truly solves your compliance problems—without introducing a whole new set of problems.
If you’re in the process of evaluating CMPs, you’ll also benefit from reviewing Osano’s CMP Scorecard. This template provides a place for you to score the different CMPs you’re considering and points you toward key questions to ask in order to effectively evaluate the quality of a given CMP.
We hope it helps! Once you’re ready, feel free to schedule a demo of the Osano CMP—we’re excited to see how we can help you resolve your compliance pains (without introducing any new pains during the implementation process).
Matt Davis is a writer at Osano, where he researches and writes about the latest in technology, legislation, and business to spread awareness about the most pressing issues in privacy today. When he’s not writing about data privacy, Matt spends his time exploring Vermont with his dog, Harper; playing piano; and writing short fiction.