Let’s start with a really quite common scenario nowadays. You visit a website, and before you even get to read or click anything, you’re greeted with a banner or a pop-up that wants to know whether you accept cookies or not.
Cookie banners have become an unavoidable part of the web since GDPR and Cookie law came into effect. Just to be clear, these have been around for many years already. However, it seems pretty common that none of this is actually considered by some companies. This can be for various reasons, like somehow not really having the knowledge or interest about these things. Or it can be a calculated risk to save some resources.
In any case, it’s really quite dismissive to build a new website as part of a marketing infrastructure, and not consider consent management at all. Now, you may ask: “then how do businesses manage all this?”. The answer is actually quite simple:
They use consent management platforms.
What is a CMP?
A Consent Management Platform (CMP) is a tool that helps websites collect, manage, and document user consent for cookies and data tracking in a GDPR-compliant way.
You could think of a CMP as a gatekeeper that ensures marketing and analytics tools like Google Analytics or Meta Pixel only load after a visitor has given permission.
1. The banner
Let’s start with the collection part. The most visible manifestation of consent management is the infamous cookie banner. Many people still think, that a banner is all that’s needed, but that’s true for only some cases. It is possible to build a website that uses so called necessary cookies only, which means that technically they wouldn’t even have to notify anyone, but it’s still a good practice to have the system ready in case some tracking cookies wanted to be used in the future.
The cookie banner is indeed quite despised by many people, but for a legal standpoint, it serves a real purpose. It gives users the ability to either consent to cookies or discard them. Necessary cookies will always be allowed, though.
2. Cookie management
The management part is actually the most important part of a CMP, in my opinion. It all starts with cookie categorisation. There are different ways to do that, but many platforms automatically scan your website and then automatically applies categories to each cookie. You will be able to review and change all the details, including categories.
Then comes the crucial part. A CMP actually stores the consent information in a database. This is important, because it’s actually required by GDPR. This means that you will be able to provide proof of consent for a user, if it’s ever needed. And it also gives the option for a user to withdraw their consent.
3. Tracking script management
Technically speaking, it can be difficult to implement such a system that launches tracking scripts or sets cookies only after a user has consented. It’s certainly possible, and even when using a CMP, it’s necessary to manually modify some tracking scripts to behave in this way.
With a CMP however, most of this can be automated. It will, of course, require some configuration and maybe modifications to the tracking methods, but in the end it will be much easier to manage. Let’s say you want to introduce a new tracking script. It now becomes much easier to install, because you just need to add the script and everything else will be completely automatic.
This is a powerful feature, especially in combination with a tag management system like Google Tag Manager. Most of the configuration can be made using a pretty user-friendly graphical interface, with all the variables already in place. You just create a new tag, choose the triggers and rules for launching the tag, test that it works, and publish the changes.
Why would you need a consent management platform?
Although there are some situations where no consent management system is needed, many of those operators use one anyway, just in case. There are a few reasons why the rest of need one:
- Legal compliance: GDPR and the ePrivacy Directive require prior consent for all non-essential cookies.
- Risk management: Data Protection Authorities (e.g., in France, Sweden, Denmark) have issued real penalties for improper consent banners.
- Trust and transparency: A clear consent interface increases credibility.
- Ease of management: A centralised management interface makes it easier to manage scripts and logs.
What CMP options are there?
There are multiple well-regarded options with different use cases. Some of them prioritise ease-of-use and simplicity, while others are built for very large websites. The latter one creates several technical challenges, which have to be addressed. In most cases, that drives the price up. Those are also very often quite a bit more complicated to implement.
Simple solutions
- Cookiebot, owned by Usercentrics: This is what we use, because it’s really simple and functions reliably. It also has automatic scanning.
- Cookieyes: Functionally very similar to Cookiebot, with a slightly more polished UX
- Termly: A simpler option, easy to use, but not as robust
Complicated solutions
- OneTrust: Enterprise-grade, works with anything, high cost
- Usercentrics: Flexible, EU-based, also enterprise-ready
For a WordPress-based site, Cookiebot and CookieYES are often the easiest to implement. They have a really good user experience, automatic cookie scanning, can be quite easily used with a tag manager, and are relatively inexpensive.
For enterprise needs, there are quite a few options as well, but they often come with a much higher cost. I have found Usercentrics to be a good middle-ground choice, but when it comes to enterprise, everything needs to be evaluated by case.
Can you make a DIY consent system?
Many smaller companies may think, “We could just make a banner ourselves”. While you certainly could, it’s not the best idea for a few reasons:
- DIY banners may not meet GDPR requirements, like blocking cookies until consent
- Depending on the website, cookies and scripts may change quite often, which means manual updating, while a CMP does this automatically
- It’s actually quite complicated to record proofs of consent and then make them available for users to withdraw
- User experience may not be as good, considering speed, localisation, accessibility, and mobile usability
So yes, creating a banner is probably cheaper, but the problem is that it’s not enough. If you want to use tracking scripts and cookies, you will need a system to handle the complete pipeline. In the long run, it will be cheaper to integrate an already existing and well-functioning system into your marketing infrastructure.
Conclusion – compliance is only part of the story
Implementing a CMP isn’t just about avoiding fines. It’s about showing visitors you respect their choices, and that builds trust, especially in privacy-conscious markets like the EU.
Which platform to choose depends on the needs really. But for most websites, a more simple solution like Cookiebot will be more than enough. It will also scale quite well.
If your website uses analytics, advertising, or embedded content, it’s time to review your consent management. Tools like Cookiebot or CookieYes can make compliance much simpler and your visitors will thank you for it.
You might also be interested in these
Digital Marketing Infrastructure as a Core Building Block
Getting Comfortable with Tech