We had to do something to make sure all of our domains are compliant,” he says. “We have vendors from all over the world with different domains, URLs, legislation, and languages. It was clear we needed a flexible, scalable solution built for companies of all sizes.

Martin Verner Information Security Officer

Solution

Automatic Compliance Across All Sites with a Single Line of JavaScript

GDPR went into effect on May 25, 2018, and with one solution already failing to provide the necessary coverage, Autorola didn’t want to waste any more time getting a cookie consent product in place. They had already seen other companies penalized for non-compliance and wanted to reduce their risk. 

Verner evaluated Osano’s Consent Management Platform and saw the software wasn’t limited in the number of domains and URLs it could manage. With only a single line of JavaScript, Autorola was able to enforce automatic compliance on all of its vendor sites.  “The technical implementation of Osano is simple, and it’s clear they make it that way on purpose,” says Verner. “We only had to include a simple script on our side and it started working across all of our domains.”

The technical implementation of Osano is simple, and it’s clear they make it that way on purpose. We only had to include a simple script on our side and it started working across all our domains

Martin Verner Information Security Officer

The Osano software works in multiple steps: Listener, Permissive, and Strict. The Listener mode is the discovery mode that intelligently gathers script and cookie information so it can be categorized based on its purpose - essential, marketing, analytics, or personalization. Osano rapidly scanned Autorola’s and its vendors’ sites and collected more than 1,000 cookies and scripts. Verner and his team then determined which cookies were their own before categorizing them. 

After a few days in the Listening mode and categorization complete, the software then set up the appropriate scripts and cookies and changed the code to Permissive/Strict mode. Without any additional coding, Autorola sites now show cookie pop-ups, and scripts and cookies will be automatically allowed or blocked based on their classification and end-users’ preferences.

Results

Compliance Peace of Mind Across All Domains

Autorola has appreciated the benefits of  Osano Consent Manager since becoming an active user. Because Osano is easy to use across all of their sites using one configuration, the company no longer has to worry whether their vendors are putting them at risk with poor consent management practices. 

There’s always a learning curve with new software, but Osano was quick to respond to any issues and build features we needed for our unique environment. The software automatically manages which kind of consent we need for each user and allows us to focus on other aspects of GDPR, knowing the cookie consent portion is taken care of.

Martin Verner Information Security Officer

As far as what’s next, Autorola is honing its procedures on how to manage data subject rights. They are leveraging automation wherever possible and utilizing Osano as one of its tools in its GDPR toolbox.

“The categorization part is still somewhat uncertain and it’s not always easy to determine if a cookie is necessary or not per GDPR, but Osano has put us in a much better position than before and we are getting smarter with time,” says Verner. “All companies are having similar issues because GDPR isn’t precise or prescriptive. There is so much to consider when you talk about GDPR, but we have peace of mind knowing Osano has 40 lawyers on staff keeping track of changes within GDPR and adjusting the software configuration to ensure we stay compliant with user consents.”