5 Privacy Trends for 2025: What to Watch For
Heraclitus said that “The only constant in life is change,” but...
Read NowGet an overview of the simple, all-in-one data privacy platform
Manage consent for data privacy laws in 50+ countries
Streamline and automate the DSAR workflow
Efficiently manage assessment workflows using custom or pre-built templates
Streamline consent, utilize non-cookie data, and enhance customer trust
Automate and visualize data store discovery and classification
Ensure your customers’ data is in good hands
Key Features & Integrations
Discover how Osano supports CPRA compliance
Learn about the CCPA and how Osano can help
Achieve compliance with one of the world’s most comprehensive data privacy laws
Key resources on all things data privacy
Expert insights on all things privacy
Key resources to further your data privacy education
Meet some of the 5,000+ leaders using Osano to transform their privacy programs
A guide to data privacy in the U.S.
What's the latest from Osano?
Data privacy is complex but you're not alone
Join our weekly newsletter with over 35,000 subscribers
Global experts share insights and compelling personal stories about the critical importance of data privacy
Osano CEO, Arlo Gilbert, covers the history of data privacy and how companies can start a privacy program
Upcoming webinars and in-person events designed for privacy professionals
The Osano story
Become an Osanian and help us build the future of privacy!
We’re eager to hear from you
Updated: June 8, 2023
Published: August 31, 2022
Few other business functions touch as much consumer data as marketing. That means that whether they like it or not, marketers need to be among the more privacy-aware individuals in their organization.
So, what does that entail?
In addition to being familiar with the basics of modern privacy laws like the GDPR and CCPA/CPRA, privacy-aware marketers need to understand how those laws impact their day-to-day work. And one of the best ways to go about that is to know what metrics to pay attention to.
Keeping track of the right data can help marketers understand how to work with compliance professionals in their organization, what data privacy factors will impact their ability to do their job and how, and which of their tools and systems are sources of compliance risk.
Jump to the below links for more information on each, and download a copy of the infographic to keep handy.
1. Page speed
2. The number of cookies and scripts on your site
4. The number of vendors in your martech stack
5. Number of visitors by region
6. Decayed data
Any modern marketer knows that the experience of using their brand’s website has a huge impact on demand and lead generation. In fact:
There are a lot of factors that can affect your page load speed, and many of them relate to data privacy.
For one, a higher number of third-party cookies and scripts on your site will slow it down and increase your compliance risk. When your website’s page speed starts to tick upward, it may be time to audit your third-party scripts and cookies to see whether any are unnecessary.
Additionally, compliance solutions also have an impact on your website’s performance. If you implement a consent management platform (CMP), for instance, it will need to present a cookie banner, act on user consent preferences, record that preference, and block or permit scripts accordingly, all of which take up resources. Some CMPs are more or less performant than others, so it’s important to factor in a CMP’s impact on page speed during the evaluation process.
In order to evaluate page speed before and after an intervention like a cookie audit or CMP implementation, you’ll want to identify an objective website performance tool. Most commonly, website owners use Google’s Lighthouse tool.
It’s good to be familiar with the requirements of data privacy regulations, such as the need to ask for user consent before tracking their data or providing users with a means of opting out of data collection. But that knowledge won’t do you any good unless it’s paired with knowledge of what scripts on your website are actually tracking user behavior.
Specifically, you need to know:
We recommend classifying your website’s cookies and scripts into these categories (i.e., essential, analytics, functionality, and marketing) because they are treated differently under different data privacy laws. Some laws may not permit you to issue third-party marketing cookies unless the user explicitly opts in. Others might not permit the use of any scripts beyond essential ones unless the user opts in. There’s a wide variety of ways that laws treat these different categories of scripts and cookies, so you’ll want to get familiar with the specifics of your law. A good starting place would be our blog article summarizing the current data privacy laws.
There are a variety of ways to identify and classify the cookies and scripts on your website, ranging from highly manual to more automated approaches using compliance software. Whatever approach you choose, being familiar with the number and nature of the scripts running on your website is a best practice, even if privacy isn’t your top concern. As mentioned previously, this familiarity will help you maintain a tidier, faster website, and you’ll be able to act on the requirements of data privacy regulations.
Once you have a consent management solution in place — whether that’s third-party or developed in-house — regularly monitoring your consent rate can be a source of key insights.
For the unfamiliar, certain data privacy regulations require businesses to obtain their consumers’ consent before using data tracking technologies like cookies. You’ve probably seen cookie banners on websites before. Depending on your jurisdiction, you may need to ask users to click an “Accept” or “Reject” button on that banner, or you might just need to let them know that you are collecting their data and link to a page where they can opt-out of collection.
Whether your relevant regulation requires opt-in or opt-out consent, tracking the number of users that opt in or out respectively can tell you:
As a quick note, it’s important to not play around with your banner design too much in order to increase consent rates. Presenting a clear and informative banner is just good web design, but some individuals try to manipulate their website visitors into providing consent or making it more difficult to opt-out of cookies. This is the point where consent rate optimization ventures into dark patterns.
The average martech stack features 28 different vendors, but if you were to ask your average digital marketer about their vendors on the spot, they’d probably only think to name their CRM software, Google Analytics, and maybe an email or social media tool.
Becoming familiar with the different vendors in your stack can help you be a better coworker to the compliance and legal professionals in your organization. If a consumer makes a data subject access request (DSAR), for instance, you’ll be better able to identify and track down all of the potential stores where their data might live.
If you live in a jurisdiction where you face downstream risk from your vendors (as in the EU, where you can be found liable for your vendors’ data privacy practices), then keeping track of which companies handle your leads’ data is doubly important. Marketers handle a lot of consumer data, and they pass that data around many different systems and tools — if one of those tools doesn’t adhere to healthy data privacy practices, then you could be introducing extra risk into your organization.
You undoubtedly already track which regions your leads are coming from, but you may not have taken into account the data privacy implications that this metric possesses.
Many regions with a data privacy law on the books only regulate businesses that meet certain threshold criteria, which often include collecting data from a given number of local residents. For example, California’s CCPA/CPRA only applies to businesses that:
Tracking whether your business is approaching the threshold for a region’s data privacy regulation can help you prepare for compliance early.
In the 2000s and 2010s, businesses collected user data en masse and retained it indefinitely. Today, businesses often understand that they can’t collect data en masse anymore, but they don’t always realize that indefinite retention is an issue as well.
Most modern data privacy regulations include the concepts of purpose limitation and retention minimization. In essence, these concepts mean that businesses can only collect consumer data for a specific purpose, and once that purpose has been met, they should delete the data.
For marketers, their purpose is to drive demand and leads. At what point does a given dataset fulfill that purpose?
There’s no hard and fast rule, but there clearly isn’t any need to hang onto data for years and years. Working with old data isn’t very effective either, as email addresses stop being used, addresses change, employees exit their organizations, and so on.
It’s already a best practice to clean up your CRM database every now and then. Now, marketers who haven’t been as diligent in their data hygiene as they should have another reason: deleting old data reduces your compliance risk.
Determining how much deprecated data there is in your systems is simple. Most CRMs will feature a means of identifying:
Search your contact database for individuals meeting these criteria and delete them — they aren’t going to become prospects, but they do carry unnecessary risks. While your CRM is likely the largest data store that marketing owns at your organization, you’ll want to conduct semi-regular audits of any other martech systems that store consumer data as well.
The need to comply with data privacy regulations is pretty new, and the role that marketing plays in compliance is an even newer idea. If this discussion on privacy-related metrics seemed to come out of left field or raised even more questions for you, you wouldn’t be alone.
Often, data privacy feels like a subject matter where you’re always out of your depth — there are lawyers and dedicated privacy professionals that specialize in this sort of thing, after all.
The most significant way that marketers can wrap their heads around data privacy and get their organization closer to compliance is through cookie consent management.
Cookies are the most visible and actionable ways in which an organization collects data on its consumers. Marketers typically own the company website and work with the data that cookies gather from consumers, so they’re often the ones left in charge of implementing cookie consent. To learn more about how you can manage cookie consent, download our Cookie Consent Management FAQ.
Are you in the process of refreshing your current privacy policy or building a whole new one? Are you scratching your head over what to include? Use this interactive checklist to guide you.
Download Now
Matt Davis is a writer at Osano, where he researches and writes about the latest in technology, legislation, and business to spread awareness about the most pressing issues in privacy today. When he’s not writing about data privacy, Matt spends his time exploring Vermont with his dog, Harper; playing piano; and writing short fiction.
Osano is used by the world's most innovative and forward-thinking companies to easily manage and monitor their privacy compliance.
With Osano, building, managing, and scaling your privacy program becomes simple. Schedule a demo or try a free 30-day trial today.