Consent management should be high on the priority list of any company. Fines for non-compliance with data privacy laws have recently skyrocketed, with over $300 million worth of fines issued to EU firms who violated GDPR (General Data Protection Regulation) between 2018 and 2021.
And it’s not just fines that companies need to be worrying about – a recent report issued here at Zeotap found that only 40% of consumers feel in control over how their personal information is used by the companies they interact with, and 60% of consumers have become more conscious of the personal information they share with companies over the last year.
Enter: consent management. Consent management supports a company’s data privacy compliance by firstly informing users about how their data will be collected and used, then also collecting and managing consent itself.
Why Consent Management Is Important
On the surface, consent management might not seem all that impactful, but it can make a big difference to a company’s revenue. Underestimating consent management leaves a company open to incurring those aforementioned GDPR fines, which can reach $20 million or 4% of the annual global turnover of a company for certain infractions.
And companies won’t just suffer financially. The “clean-up procedure” from a GDPR penalty not only entails correcting the fault that got the company fined, but also regaining the confidence of at least 60% consumers who will regard the company negatively going forward.
Taking the required measures to set up a trustworthy consent management system may help you avoid hefty fines and lost customer loyalty.
Where Consent Management Isn’t Enough
The challenge with consent management is that in today’s digitalised landscape, consumers have the ability to give (or retract) consent to use their data in dozens of different ways. For example, over email or in signing up for a loyalty program, in completing a feedback survey or in entering a contest – each touchpoint could be collecting a different consent story for the same individual.
So how do you manage a consumer’s identity, preferences, and attributes over time, and give your organisation the confidence that its consumer data is accurate and up to date? With the help of a Customer Data Platform (CDP).
CDPs serve as a trusted repository of all consumer data, orchestrating the enrichment, activation, access, and erasure of that data over time. For the most advanced, such as Zeotap, this includes information on consent and marketing preferences.
This helps solve the problem of disparate, siloed consent records. In creating a unified customer profile, a CDP can also create a unified consent profile, taking different sources of consent data (including Consent Management tools themselves) and rationalising them into a single set of preferences that marketing can follow:
A CDP also has the power to determine which technologies receive consumer datasets and even more significantly, to orchestrate the right data that other technology destinations require to carry out their tasks, assuring the business that consumer data is being used in a “need to know” fashion.
If this is the first you’re hearing of CDPs working to support and enhance consent management processes, here are five more reasons your organisation should consider pairing a CDP with your consent management process.
5 Ways CDPs Can Support Consent Management
1. They Are Built To Meet Strict Consent Environments
A Customer Data Platform (CDP) can help guide a company through how it manages user identities and data in a way that is secure and compliant with regulations such as GDPR. The CDP will create one customer view across all channels, enabling the business to update consent management preferences in real-time.
Gartner data shows that for a Data Protection Officer (DPO) to manually process a Data Subject Access Request (DSAR), it costs a business around $1,400 per request due to the time and effort spent on a manual process.
Even if a company processes just 100 data subject requests per million customer records each year, it would still cost them as much as $140K per million customer records. And it’s all due to inefficient workflows and a lack of automated processes around the customer data consent process.
But with a CDP, many of those manual processes are removed. Instead, DPOs can easily respond to DSARs by having a single source of trusted data to refer to, which is stored and unified in a CDP.
With a data-first CDP, businesses can dramatically enhance their data privacy approach and benefit from increased efficiency since the CDP will analyse the customer’s data profile and subsequent transfer to other service providers and third-party technologies.
Over time, the management of consumer data becomes even more important and the CDP even more vital. The specific automation in the CDP allows it to constantly unify disparate identity data points and align their acquisition and storage as they change.
These are all features required in a GDPR-ready system to ensure a company is constantly compliant with strict data privacy regulations, and where the marketing department must have a precise overview of an individual’s data processing through multiple systems.
2. They Create A ‘Single Consent View’
A good Customer Data Platform serves as the main repository for all opt-ins and opt-outs, contact points and channel preferences, and will timestamp every update of consent.
The data, interactions and purchases of each customer are combined into a Single Customer View, allowing marketers to freely share or use the information. So while the main aim of a CDP isn’t always compliance, the way the platform stores and organises data acts as a consent orchestration solution and makes staying on the right side of compliance much easier.
3. They Are Made For Activation
A single view of consent is only any good if it can be put to use. Today’s marketers are dealing with an ever-growing spectrum of channels across which they want to activate their consented data (from owned channels such as email to paid advertising), and this is another area where the CDP can come to the rescue.
Firstly, CDPs are by nature plugged into every part of the marketing stack, meaning that whenever a marketer wants to deploy a segment in a channel (i.e. email) the connection to their email service provider is already set and ready to go.
Secondly, marketers must execute fast, and often don’t have the time for their DPO to double-check that each new campaign has the correct consent settings. A CDP that specialises in data privacy (like Zeotap’s) therefore allows you to establish universal rules for activating data, so marketers can launch campaigns confident in the knowledge that customer consent and marketing preferences are being properly reflected.
4. They Create A Single View Of Consent
Customer Data Platforms (CDPs) create a single, centralised view of most consumer data and facilitate on-demand access to read data that lies outside the CDP. This makes it simple to gather a full set of personal information for authorised personnel to inspect, edit, and export. A CDP’s capacity to link all data to the correct individual is particularly helpful when complying with GDPR and consent management regulations.
CDPs also maintain a “golden record” of the most up-to-date versions of data, such as client names, addresses, and statuses. This information can be sent back to source systems that may contain mistakes – ensuring that data subject access requests are passed down the line. This is just one aspect of GDPR’s data governance requirements that a CDP complies with to reduce the chance that consumers will be confronted with incorrect data, potentially triggering an investigation request.
5. They Build Trust with Easily Managed Consent Preferences
Nowadays, companies are capturing more than just consent with their data collection; they’re also storing specific user preferences regarding how consumers want to be communicated to.
And in today’s world, this matters. At least 60% of consumers don’t feel in control of their data privacy, and 62% of consumers are more willing to buy from brands that can guarantee that their personal information won’t be shared with third parties.
Consumers have long been concerned about the privacy of their personal information, which means businesses must do more to win their trust. Easily managed and transparent consent preferences are one such way of assuring consumers that they are in control of their personal information.
Consumer preferences shouldn’t just apply to aspects like marketing communication preferences, or the unwillingness to share information with third parties either. In another source of complex consumer preferences, some customers may have strong feelings about what happens to their data after death, for example.
CDPs help companies address these needs through an additional attribute called “state”. Normally this is set to “account can use” or “unrestricted”, but it can also be set to restrictive, in which case the CDP will not release data without specific action. This is similar to a traditional block placed on data – except that it is dynamic and based on individual preferences.
Offering this granular level of choice and control can sway customer loyalty, and can cultivate serious levels of trust, reducing customer churn and raising retention rates.
Examples of Consent Management Tools
Usercentrics is the leading Consent Management Platform (CMP). It enables publishers, and agencies to become entirely GDPR and CCPA compliant by comprehensively managing, obtaining and recording the consent of their users across multiple platforms.
Usercentrics offers a simple, straightforward solution that is easily implemented, completely configurable, and legally safe. Usercentrics’ simple and user-friendly design, real-time monitoring, detailed opt-in testing, in-page opt-in optimisation tools, and more help businesses to implement a thoroughly transparent Consent Management program that can be trusted by consumers.
Didomi is another best-in-class Consent Management Platform (CMP) that is certified with GDPR and IAB Europe. Deployed on over 160,000 websites, it is able to be integrated across multiple platforms including websites, mobile applications, internal apps etc, and in an omnichannel, multi-brand and multilingual Preference Center.
Didomi offers businesses the chance to create value from data privacy by nurturing trust. Its bespoke consent and preference management solutions enable businesses of all kinds to future-proof a data strategy that is transparent and secure.
The end goal should be to have a single view of the customer that is compliant with data privacy regulations such as GDPR. However, CDPs alone will not be sufficient in achieving this objective.
Compliance with GDPR regulations requires considerable effort in business processes and structures in order to correctly capture consent, avoid unlawful data gathering, and implement necessary modifications or deletions when required. Companies will also need to oversee processors and business partners to ensure that they meet security standards as well as comply with usage limitations.
But a CDP can address several key GDPR difficulties. Most importantly, by unifying consumer data to produce a single record of consent as part of a comprehensive customer profile.
As the standards for compliance become stricter, companies that do not have a consent management process in place should strongly consider the usage of a CDP. At Zeotap, our CDP is unrivalled in GDPR compliance as we engineer for the highest European standards for consent, security and privacy.