Key questions you need to ask about your privacy software
Does it manage cookie consent banners globally?As a digital marketer, the two most important numbers for your role are the number of people visiting your website and the number of people converting on your website.
Surrounding those numbers are a slew of other numbers: new and recurring visitors, form submissions, referral sources, page views, visits by demographic, visits by persona, visits by industry — the list goes on.
Analyzing these numbers both informs your marketing strategy and tells you how successful that strategy is. Asking visitors for consent to track metrics like these keeps you in compliance with data privacy regulations, but it also reduces the size of your data set, which in turn, makes it harder to do your job. That can be more than a little panic-inducing.
Fortunately, there are approaches to gathering consent that minimize compliance’s impact on your analytics data.
What you’ll want to avoid is a solution that requires you to build your cookie consent banners. There are dozens of different jurisdictions with their own required language, design constraints, disclosure needs, and other requirements for a cookie consent banner. Obviously, developing and implementing all these individual banners is a time-consuming process, especially since the privacy landscape is changing all the time, and you’ll need to update different jurisdictions' banners accordingly.
If you’re working with a legal department or a data privacy professional, they might be inclined to implement a General Data Protection Regulation (GDPR) banner across the board. It’s the most comprehensive regulation, and a banner that meets its requirements will likely meet the requirements of other jurisdictions.
That’s great for the legal department, but not so great for you. Visitors are used to interacting with the banner relevant to their local regulations, so being confronted with a needlessly complicated banner might discourage them from consenting to sharing their data.
So, the biggest thing you can do to ensure you have access to a robust data set for analytics purposes is to make sure your privacy solution manages cookie consent banners globally.
Your vendor should serve up compliant banners for each jurisdiction, ensuring users only interact with the relevant banner that they’re familiar with. This feature alone will go a long way toward minimizing the impact that asking for consent has on your analytics.
How will it interact with your tag management system?For the unfamiliar, tags are code segments provided by external parties (such as analytics and marketing vendors) that integrate their products into your website, including cookies.
If you use tracking cookies, then you use tags, and you most likely use a tag management system, like Google Tag Manager (GTM). GTM helps website owners identify which tags are active, define what conditions should cause individual tags to trigger, and manage other tag-related tasks.
Often, data privacy software needs to be integrated with GTM or your alternative tag management system. As users accept or decline analytics, marketing, and/or personalization cookies, your privacy software needs to interact with those GTM triggers to signal whether the tag should fire or not — and therefore, whether a cookie is dropped on the users’ browser or not.
But given the fact that the average enterprise website has anywhere between 50 and 150 third-party tags, the actual work of integrating a privacy software solution with GTM can be time-consuming. Afterward, you’ll need to engage in ongoing maintenance as the tags and cookies you use on your website change. Basically, any new tool or script you want to implement on your website will require tweaking on the back end.
Fortunately, there is an alternative approach to blocking cookies and tags that doesn’t require a GTM integration. The approach taken by the Osano team is to block cookies client-side, in the users’ browser. Rather than live in your website’s backend, telling GTM which tags can fire and which can’t, Osano simply blocks or permits cookies based on classification rules without interacting with GTM at all. GTM can still do its job; but if one of its tags attempts to drop a forbidden cookie, Osano simply blocks the cookie. As a result, there’s far less integration and maintenance work required.
(We should note that some may still want to integrate Osano with GTM for a variety of reasons; we made sure that is still possible with Osano.)
How will it affect your website’s load speed?When most websites load instantaneously, a few extra seconds of delay can be very noticeable to your visitors. There’s no shortage of evidence demonstrating that load speed matters to website visitors. For example:
- One study found that a two-second increase in load speed results in a 103% increase in bounce rate
- The BBC lost 10% of its users for every additional second their site took to load
- 40% of users will abandon a website if it takes longer than three seconds to load
It can be difficult to assess how much of an impact a given solution will have on your site in advance, but there are steps you can take.
During the evaluation process, you can ask the vendor representative what impact their solution typically has on Google Lighthouse scores. Lighthouse is an open-source tool administered by Google that you can use to assess a variety of metrics for a given website, including load speed.
While a knowledgeable vendor representative will be able to either give you or find an answer, you can also take advantage of any free trial periods to contrast your website’s performance prior to implementing data privacy software with its performance afterward. If there’s a large drop in performance and/or if it differs significantly from what you were promised during the sales process, it may be worth evaluating other solutions.
Does it provide DSAR automation?While cookie consent management tends to receive all the attention, making your website compliant with data privacy regulations also means providing users with a means of making a DSAR, or data subject access request.
Under a DSAR, a user may request to see what data your organization has on them, request a correction, ask for that data to be deleted, and more. The challenge lies in finding the relevant data, not exposing other users’ data in the process, and executing on the DSAR as required by data privacy regulation.
Often, there isn’t a person dedicated to handling DSARs at a company. Especially in organizations without a privacy professional, DSARs are often handled by whoever is in charge of the website — which is usually the marketing department.
You’ll want to ensure your data privacy software features an automated and repeatable DSAR process so you can comply and do your actual job.
Since cookie compliance is such a focus, it can be easy to evaluate solutions solely based on their ability to secure and manage user consent. But data privacy software goes beyond cookie consent; it should be focused on compliance in a holistic way. Make sure the solution you evaluate also makes complying with other aspects of data privacy regulation (like DSARs) easy and painless.
Marketing deserves a seat at the tableIt can be tempting to think of data privacy compliance as just a box to check off, but doing so could leave you saddled with a clunky solution that interferes with your ability to market your organization.
That’s exactly what happened to Mailgun’s Head of Growth Marketing. They had let their legal and developer team handle vendor selection and wound up with a data privacy solution that was a non-starter for their marketing department. After struggling to get their old solution implemented, they shifted gears and began re-evaluating solutions — this time, with the awareness that marketing was an important stakeholder to include. The result? They chose Osano.
You can read more about Mailgun’s data privacy journey here. Or, if you’d rather kick off the evaluation process yourself, feel free to get in touch with us to schedule a short demo of the Osano consent management platform.