5 Takeaways from 2024’s Industry Events: A Privacy Pro’s Perspective
In September, the Osano privacy team was lucky enough to attend a...
Read NowGet an overview of the simple, all-in-one data privacy platform
Manage consent for data privacy laws in 50+ countries
Streamline and automate the DSAR workflow
Efficiently manage assessment workflows using custom or pre-built templates
Streamline consent, utilize non-cookie data, and enhance customer trust
Automate and visualize data store discovery and classification
Ensure your customers’ data is in good hands
Key Features & Integrations
Discover how Osano supports CPRA compliance
Learn about the CCPA and how Osano can help
Achieve compliance with one of the world’s most comprehensive data privacy laws
Key resources on all things data privacy
Expert insights on all things privacy
Key resources to further your data privacy education
Meet some of the 5,000+ leaders using Osano to transform their privacy programs
A guide to data privacy in the U.S.
What's the latest from Osano?
Data privacy is complex but you're not alone
Join our weekly newsletter with over 35,000 subscribers
Global experts share insights and compelling personal stories about the critical importance of data privacy
Osano CEO, Arlo Gilbert, covers the history of data privacy and how companies can start a privacy program
Upcoming webinars and in-person events designed for privacy professionals
The Osano story
Become an Osanian and help us build the future of privacy!
We’re eager to hear from you
Updated: March 21, 2023
Published: August 29, 2022
You understand the importance of data privacy compliance, the ins and outs of cookie consent, and how a consent management platform can help; but what will the actual experience of implementing a CMP be like?
In this blog, we’ll describe exactly that. First, we’ll focus on what to expect during the implementation process itself. Then, you’ll learn what you can expect after implementing your CMP. Finally, we’ll talk about how you can maximize your outcomes both during and after the implementation process.
For now, it’s still relatively uncommon for organizations to keep a dedicated compliance professional on payroll. That means that identifying the need for, evaluating, and implementing compliance software like a CMP often falls to whoever owns the website. Compliance isn’t their main job; they’re just stuck with it.
If you count yourself among that number, you may be wondering how much work is involved in the implementation process. While different products can be more- or less time-consuming, implementing a CMP generally involves the following steps:
Generally speaking, the most difficult part of implementing a CMP will be configuring the rules and mechanisms for tracker blocking (i.e., step three in the list above). In order to comply with any and all data privacy laws, you need to know:
Then, your CMP can block or permit these categories of trackers according to the user’s preferences. But first, the CMP needs to know which trackers belong to which categories.
Depending on how your CMP actually conducts the blocking, this can be quite tedious. For example, some CMPs require an integration with your tag management system, which can be quite tedious to implement and maintain.
Tag management systems help businesses manage the pieces of code that drop cookies or track user behavior on your site. Since they create the tracker initially, many CMPs interact with this system to allow or block trackers at their source. The problem with this approach is that it requires a CMP to be integrated with individual tags within the system, which quickly becomes complex.
This isn’t the only approach, but it serves as a good example of what to avoid in a CMP. CMPs that require fiddling with the backend of your website or additional coding in order to classify and block trackers will be difficult to set up and maintain. A simpler approach (and the one that Osano takes) is for the CMP to work on the client side — once a CMP that takes this approach knows the categories of different trackers on your site, it blocks the trackers from the visitors’ browsers. This way, website visitors don’t get tracked, and you don’t have to mess around with your website’s backend.
Before implementing a CMP, you wouldn’t have been asking for user consent prior to tracking them. Because implementing a CMP means asking for user consent, you will inevitably see a large chunk of your web data disappear. There is no way to be compliant with data privacy laws and not have some amount of web data disappear off your radar; asking for consent or giving users the option to opt-out of collection means some of those users won’t let you track them.
This can be a shock to your marketing team. If you operate within a jurisdiction that requires opt-in consent before you can track your users, it may be a very big shock — like seeing half of your web traffic disappear. In other regions that only require you to provide users a means of opting out, it may only have a small impact. In either case, it will be a noticeable dip that you should be prepared for.
For the most part, CMPs won’t require significant upkeep. Instead, you’ll only have to update your CMP when you add new scripts to your website. For some businesses, this can occur quite frequently; for others, it’s a rare occurrence.
Your CMP needs to know what data privacy category the new scripts belong to (i.e., essential, analytics, functionality, or marketing) so that it can block or permit it appropriately. Thus, it’s important to consider how your chosen CMP approaches the classification and blocking of trackers, as described above. If it requires fiddling with the back end of your website during initial setup, it’ll require that same fiddling every time you add new scripts.
Implementing a CMP can have an impact on several different groups in your organization. Make sure you communicate:
Since classifying the categories of trackers on your website is often the most time-consuming part of a CMP setup and since you’ll have to repeat this activity when adding new scripts to your website, it’s important to evaluate a solution based on this feature. Ask how this process works whenever you book a sales demo.
Businesses can and do get penalized for presenting manipulative and/or misrepresentative cookie banners on their website. Some businesses even make it more difficult to opt-out of data collection by forcing users to make additional clicks or to navigate to separate pages.
There are a ton of minor requirements around cookie banners. A good CMP will have all of those requirements baked in and will prevent you from changing your banner in a way that violates data privacy laws. Total customizability is often a desirable feature in software, but that’s not the case when it comes to compliance.
If you’ve educated yourself about the why, what, and how of data privacy compliance and are gearing up to evaluate CMPs, start the journey with Osano. Our experts are always happy to help answer any questions that you haven’t been able to find in our blog or in other resources. Schedule a demo today.
Or, if you’re not ready for a demo yet and want to learn more about cookie consent management, check out our FAQ on the subject.
Are you in the process of refreshing your current privacy policy or building a whole new one? Are you scratching your head over what to include? Use this interactive checklist to guide you.
Download Now
Matt Davis is a writer at Osano, where he researches and writes about the latest in technology, legislation, and business to spread awareness about the most pressing issues in privacy today. When he’s not writing about data privacy, Matt spends his time exploring Vermont with his dog, Harper; playing piano; and writing short fiction.
Osano is used by the world's most innovative and forward-thinking companies to easily manage and monitor their privacy compliance.
With Osano, building, managing, and scaling your privacy program becomes simple. Schedule a demo or try a free 30-day trial today.