Go Back

Best practices for working with Consent Manager

October 8, 2018

Thanks to Consent Manager you can easily collect visitor consents to respect user privacy and efficiently manage all data subject requests from one place.

Going through Consent Manager setup step-by-step will help you stay GDPR-compliant and make the most out of your Piwik PRO Consent Manager module. That’s why we prepared these best practices for working with Consent Manager:

1. Turn on the GDPR-compliance feature

Turning the GDPR compliance on/off has a great impact on firing tags mechanism. These features change how tags are triggered and how data is collected. To find out how to do it step-by-step, take a look at this article that will take you through the whole process.

2. Assign the correct tag types to your tags, content or pop-ups

Each tag, content, and pop-up served by Tag Manager or Personalization needs to be labeled with the proper type. In tag/content/pop-up edit form user can choose its type. All tag templates have default types values but they can be changed manually if it’s needed. To find out how to do it step-by-step, take a look at this article that will take you through the whole process.

3. Customize your template for Extended consent form

First-time visitors will see a consent form (pop-up) asking for a permission to collect data for a defined set of purposes (e.g. Remarketing, A/B testing, etc.). Until the consent is given, certain categories of tags won’t be fired. If a visitor does not consent to some or all data collection purposes, the corresponding tags will stay disabled. You can customize this pop-up – change the copy, basic styles (colors), and change a link to your Privacy Policy page. Take a look at this article to find out how to set it up step-by-step. Please note that this point is applicable as long as you have more than one tag/content/pop-up type. If you have just one then you should customize your Simple consent form and tick the Show simple consent form only for the applicable tag/content/pop-up type. To find out more about the Simple Consent Form click here.

4. Enable additional Consent widgets

These Consent Widgets can be personalized as well (you can change copy, basic styles and link to your Privacy Policy page. Thank you note is shown after a visitor submits his privacy consent choices. It’s off by default and it’s optional. Extended Consent Form Failure Note – is being used as a notification after failure to submit a privacy consent choice. It appears in case of any connection problem and gives a visitor a chance to try again and submit the consent. Consent bar is a “sticky” bar displayed at the top or bottom of the page to remind visitors about their rights regarding the collection and processing of their data for specific purposes. Upon clicking it, the visitor will see either the Single consent or Extended consent form. It will be shown until the visitor submits the form.

5. Assign the right consent form language

Piwik Pro Consent Manager allows you to add and manage multiple languages to your consent form and widgets. Once you have added new languages to your list, you can translate your consent form and widgets into the languages you added. Please note that the languages are not live yet. Please translate the copy first and then activate (make live) the language to make it available for your visitors.

6. Import consent setup from/to other websites

You can import consents setup from another website. Thanks that you won’t need to set the same options again for every website one by one. All the texts and styles and setup from consents forms, top bar and widgets will be imported. Please note that two options WON’T be imported: custom cookie domains and GDPR compliance feature turned on or off. Please take a look here to find out how to do it step-by-step.

7. Reacquire visitor’s consent

You can activate this option if you want to serve consents pop-up again after 6 months since last consents form view. Thanks that all the consents which a visitor refused or didn’t give consent to will be displayed again. To find out how to do it step-by-step, take a look at this article.

8. Enrich your Privacy Policy page

On your privacy policy page, according to GDPR, your visitors should be able to review and adjust their consent status and exercise data subject rights such as Data erasure, Data rectification, and Data access and portability. Piwik PRO helps you easily enable the widgets on your privacy policy page. It’s just enough that you change the particular widgets of this section and then copy a snippet and embed it to your privacy policy page. Consent Form Link lets your visitors view and manage privacy settings (their own consents). Data Subject Request lets your visitors send 3 types of requests, which are required by GDPR (Data erasure, Data rectification, and Data access and portability). Data Subject Request Success Note is a confirmation note after successful data subject request. It gives your visitor information that his request was successfully sent to the data administrator and will be processed shortly. Data Subject Request Failure Message is a notification after a failed data subject request. It lets a visitor to try again and let him review and adjust their consent status and exercise data subject rights.

9. Learn how to change the status of your data subject requests

Each data subject request (data erasure, data rectification, and data access and portability) is recorded and can be reviewed by the admin in the Piwik PRO Consent Manager under “Data subject requests”. You should process data subject requests outside of Piwik PRO as it may involve: additional data subject identification, validating that the request is reasonable, fetching data from other sources, etc. The primary goal of the “Data subject requests” section is to gather the time and date of any request submission. It also allows for tracking of the progress and status of data subject requests to make sure all are processed in a timely manner. To find out more about it, you should visit this article.

10. Check the insights of your consents regularly and draw conclusions

In Consent Manager, we do collect anonymous data about each visitor’s consent decision. They are based on the Consent Manager generated reports (charts). To find out more about how to get to the Insights section and what actually do specific metrics mean, take a look here.