We're all familiar with them: the cookie banners that pop up as soon as we visit a website. One can't help but wonder, why do we need such a banner in the first place?
The reasoning is quite straightforward. Because you are legally required to do so. With the introduction of the GDPR in May 2018, companies are now obliged to obtain the consent of their (European) users before using their user data for any marketing campaigns. What this means is that if consent isn't obtained in compliance with the GDPR, the data collected cannot be used for marketing purposes. This results in a lack of accuracy in campaigns such as retargeting and ultimately to less ad revenue.
Understood - I have to ask my website visitors for their consent, but now what?
In theory, that's what's needed, but how are these requirements put into practice? This is where consent management platform providers like Usercentrics come in. But remember: In order to be legally valid, consents must fulfil various criteria. In addition, the CMP must not only be able to properly obtain consent, but must also be able to manage it and document it in an audit-proof manner.
The necessary criteria for GDPR-compliant consent are the following:
"Accept" and "Decline" button
Consent is voluntary if the user has genuine freedom of choice when making their decision.
Who, What, Why, and for How long?
Consent is considered informed when the data subject is aware of all the circumstances surrounding the data processing and knowingly consents to it. Informedness also includes information regarding the right to withdraw consent.
Yes, I consent!
The user must actively consent to the use of technologies.
Consent must be technology- or cookie-specific. This means that a user must give consent for each and every data processing service used on a website.
No data processing before an opt-in
Obligation to provide evidence of consent in the event of an audit
Opt-out on the page
The user has the right to revoke consent at any time and without justification. In doing so, the revocation must be as simple as the granting of consent.
What happens if I don't collect consent? Can anyone even check that?
Data protection guidelines are constantly evolving, undergoing revision, expansion and, most importantly, subject to ever-increasing scrutiny. As it's technically easy to check a website's compliance with the GDPR, more and more companies are being warned and fined heavily if they disregard applicable regulations. Just recently, Amazon and Google were fined 135 million euros for collecting data without consent. Such cases are causing alarm throughout the industry and are not only bringing the issue of data protection further into the focus of the authorities, but also into the focus of users.
What if my website users don't consent?
One thing has become clear in recent times: customers appreciate transparency. Communicate openly to your customers about what data you collect and for what purpose, as you show your customers that you care about data protection. If website users can understand why data is being collected, they will not only be more likely to consent, but also more likely to trust in your services. However, there are factors such as colour design, placement or wording of the cookie banner that favour a higher consent rate. We have summarised these best cases for you in a white paper.
Alright, I see the need for a CMP - but how do I implement a Consent Management Platform?
This is the part where the good news comes in. Implementing the Usercentrics Consent Management Platform is super easy and can be done quickly. Choose the Usercentrics PrestaShop module and get started straight away.
GDPR is confusing. How do I know about everything I need to consider?
With the ever-changing GDPR, it's almost a science in itself what rules and regulations apply where. For example, what you have to consider in a live chat or in your newsletter can be completely different. However, we at Usercentrics keep it simple. The Knowledge Hub is curated by our legal and communication team who will keep you up to date on new regulations and developments, such as the ePrivacy Directive or Google Consent Mode. In addition, we have a number of different white papers and checklists available for you so you're never alone. This gives you an overview of which requirements you need to fulfil, and we promise, soon enough you'll be able to recite the GDPR in your sleep.
And what happens after implementation?
The next steps after implementation are very simple: test your CMP. Compare the opt-in rates of different configurations and find out what works best for you. Keep making adjustments to achieve the highest opt-in rates and realise your full marketing potential!