You understand the importance of data privacy compliance, the ins and outs of cookie consent, and how a consent management platform can help; but what will the actual experience of implementing a CMP be like?
In this blog, we’ll describe exactly that. First, we’ll focus on what to expect during the implementation process itself. Then, you’ll learn what you can expect after implementing your CMP. Finally, we’ll talk about how you can maximize your outcomes both during and after the implementation process.
For now, it’s still relatively uncommon for organizations to keep a dedicated compliance professional on payroll. That means that identifying the need for, evaluating, and implementing compliance software like a CMP often falls to whoever owns the website. Compliance isn’t their main job; they’re just stuck with it.
If you count yourself among that number, you may be wondering how much work is involved in the implementation process. While different products can be more- or less time-consuming, implementing a CMP generally involves the following steps:
Generally speaking, the most difficult part of implementing a CMP will be configuring the rules and mechanisms for tracker blocking (i.e., step three in the list above). In order to comply with any and all data privacy laws, you need to know:
Then, your CMP can block or permit these categories of trackers according to the user’s preferences. But first, the CMP needs to know which trackers belong to which categories.
Depending on how your CMP actually conducts the blocking, this can be quite tedious. For example, some CMPs require an integration with your tag management system, which can be quite tedious to implement and maintain.
Tag management systems help businesses manage the pieces of code that drop cookies or track user behavior on your site. Since they create the tracker initially, many CMPs interact with this system to allow or block trackers at their source. The problem with this approach is that it requires a CMP to be integrated with individual tags within the system, which quickly becomes complex.
This isn’t the only approach, but it serves as a good example of what to avoid in a CMP. CMPs that require fiddling with the backend of your website or additional coding in order to classify and block trackers will be difficult to set up and maintain. A simpler approach (and the one that Osano takes) is for the CMP to work on the client side — once a CMP that takes this approach knows the categories of different trackers on your site, it blocks the trackers from the visitors’ browsers. This way, website visitors don’t get tracked, and you don’t have to mess around with your website’s backend.
Before implementing a CMP, you wouldn’t have been asking for user consent prior to tracking them. Because implementing a CMP means asking for user consent, you will inevitably see a large chunk of your web data disappear. There is no way to be compliant with data privacy laws and not have some amount of web data disappear off your radar; asking for consent or giving users the option to opt-out of collection means some of those users won’t let you track them.
This can be a shock to your marketing team. If you operate within a jurisdiction that requires opt-in consent before you can track your users, it may be a very big shock — like seeing half of your web traffic disappear. In other regions that only require you to provide users a means of opting out, it may only have a small impact. In either case, it will be a noticeable dip that you should be prepared for.
For the most part, CMPs won’t require significant upkeep. Instead, you’ll only have to update your CMP when you add new scripts to your website. For some businesses, this can occur quite frequently; for others, it’s a rare occurrence.
Your CMP needs to know what data privacy category the new scripts belong to (i.e., essential, analytics, functionality, or marketing) so that it can block or permit it appropriately. Thus, it’s important to consider how your chosen CMP approaches the classification and blocking of trackers, as described above. If it requires fiddling with the back end of your website during initial setup, it’ll require that same fiddling every time you add new scripts.
Implementing a CMP can have an impact on several different groups in your organization. Make sure you communicate:
Since classifying the categories of trackers on your website is often the most time-consuming part of a CMP setup and since you’ll have to repeat this activity when adding new scripts to your website, it’s important to evaluate a solution based on this feature. Ask how this process works whenever you book a sales demo.
Businesses can and do get penalized for presenting manipulative and/or misrepresentative cookie banners on their website. Some businesses even make it more difficult to opt-out of data collection by forcing users to make additional clicks or to navigate to separate pages.
There are a ton of minor requirements around cookie banners. A good CMP will have all of those requirements baked in and will prevent you from changing your banner in a way that violates data privacy laws. Total customizability is often a desirable feature in software, but that’s not the case when it comes to compliance.
If you’ve educated yourself about the why, what, and how of data privacy compliance and are gearing up to evaluate CMPs, start the journey with Osano. Our experts are always happy to help answer any questions that you haven’t been able to find in our blog or in other resources. Schedule a demo today.
Or, if you’re not ready for a demo yet and want to learn more about cookie consent management, check out our FAQ on the subject.