Articles

Free template: Your consent management platform scorecard

Written by Matt Davis, CIPM (IAPP) | October 28, 2022

According to Cisco’s most recent data privacy benchmarking study, businesses spend $2.7 million on data privacy compliance programs on average. Of those, a little less than 33% see a twofold ROI on their efforts. Not only is data privacy compliance an ethical and legal obligation, it can be a source of better business outcomes—but a big part of seeing that ROI lies in making the right investment decisions. For businesses looking to become compliant and to do so effectively, they need to choose the right solutions for their data privacy compliance program.

Few aspects of compliance are more visible or more impactful than consent management. Businesses that get consent management right go a long way toward getting data privacy compliance right as a whole.

But choosing the right consent management platform is a challenge

Evaluating consent management platforms (CMPs) is uniquely difficult. Part of what makes a CMP useful is that it automates or guides compliant business processes that would otherwise require a devoted professional with deep subject matter expertise.

So, unless you already have an expert on your team, it can be difficult to determine which CMP most effectively supports those business processes. When it comes to compliance solutions, the last thing you want is a solution that leaves everything up to you; you want a solution that has guardrails to guide you away from noncompliance. It can be difficult to assess which solutions do this most effectively without already possessing subject matter expertise in data privacy.

We want to make that challenge easier

So, the Osano team developed a scorecard that simplifies the evaluation process. It identifies the most impactful capabilities to evaluate, the right questions to ask, and how to gauge cost-effectiveness. 

Click here if you want to review Osano’s Privacy Scorecard straight away. If you want to learn more, keep reading.

How to use the scorecard

The scorecard features ten general categories, each with a set of different product capabilities you can compare across vendors. Here are the categories and why they matter when evaluating a CMP:

  • Compliance requirements & capabilities: Which regulations will your CMP comply with, and how?
  • Ease of implementation: Will it be simple to become compliant, or will you need to spend a significant period of time waiting for your CMP to be set up correctly?
  • Ease of ongoing maintenance: Once you’re live, will you need to dedicate much time to staying compliant? How easy is it to update your CMP configuration for new scripts, cookies, domains, and more?
  • Support for multiple domains: How much control do you have when deploying your CMP across multiple domains? Is your CMP capable of supporting multiple domains?
  • Quality of support: Is your solution vendor responsive to your issues? Does their support vary by subscription plan?
  • Languages and global capabilities: Will your CMP limit you to serving an audience from just one region, or can it support a global audience, including all of the variations in languages and local regulations?
  • Customizability: What degree of control do you have over the look and feel?
  • Integrations: What common systems can your CMP interact with?
  • Unified solution to maximize compliance: Does the solution offer additional compliance capabilities that growing businesses commonly need beyond consent management?
  • Protection: Does the CMP vendor offer any noncompliance protection?

Each of these categories is associated with a set of product capabilities that you can evaluate on a scale of 0 to 4 for each vendor you’re evaluating, with 0 signifying “The vendor has no capabilities” and 4 signifying “The vendor has best capabilities of all vendors.”

For each capability, we’ve provided sample questions you can ask the vendor to learn information that can inform your score for them.

Once you’ve developed an overall score for each vendor, the scorecard also guides you through all of the possible costs associated with a CMP, including:

  • Vendor costs, such as the implementation fee, subscription fee, cost per domain, and the like
  • Internal fees, such as internal implementation cost, ongoing maintenance, and so on

Once you’ve quantified the product’s capabilities and cost, you can objectively compare different CMPs’ cost-effectiveness.

Download the scorecard

Whether you’re planning to start your CMP evaluation journey or are already in the midst of one, Osano’s privacy scorecard can help you formalize your evaluation criteria. You should trust your gut, but only if you’ve got the quantitative metrics to back your instincts up.

Click here to download the Osano Privacy Scorecard.