Quick Start: Consent Management

Creating regulation-ready data collection and cookie practice starts with defining consent that matches the needs of your organization. This guide walks through a quick process of setting up core consent definitions for most organizations.

Steps to Creating First Consent Definitions

A "consent event" is created whenever a person accepts site/software terms of use, chooses privacy settings like cookie consent options, or even agrees to share personal information like email addresses and location information.

Concord automates the collection of consent events within the features, forms, site add-ins and code libraries created by Concord.

What's important is that these are generic consent events, even for a default setup of Concord. Each and every consent event maps to the details of what was consented, the specific terms and conditions from the organization, and even a link to internal customer profiles and data.

The following steps will help organizations get the first consent definitions created to match their services, products and site agreements. It's easy to do...

Step 1: Determine which consent events are needed for initial implementation

Every org can start simple and build their consent records over time. For each type of consent, brands create a consent event definition and register it with the Concord Consent Network. Consent event types can be based off of common templates like site terms, social media, data collection and more.

Brands should inventory the core agreements that they want. Orgs can start with a few prioritized core consent types:

  • Start with site consent and cookie consent popups. Create a consent type for each data use type that matches your site terms.
  • Note: Concord can perform an audit on your websites and properties and help create an initial list of consent types appropriate for your sites or applications.
  • Add consent for each use of data. This helps for compliance (GDPR, CCPA and others require detailed disclosure of how data is used) as well as makes DSARs much easier to process and automate.
  • Create a consent definition for apps, applications, EULAs or other agreements.
  • Add consent for specific and often changed, requested or key information. The ideal state will be automation of executing user requests related to maintenance of their information.

For now start with...

  1. Site privacy policy, terms, agreement. Every site should minimally have a privacy policy that discloses the details of what agreement people make when using your site.
    Concord requires at least one disclosure be created when creating a project for the first time. More on projects here.
  2. Additional disclosures? In some areas and for some websites and online services, additional disclosures may be created for a site like additional data use disclosures, 3rd party terms and conditions for site add-ins, etc.
  3. Privacy options and cookie consents. Which cookie use or privacy options do you want to display to people that use your website or service?
    While many regulations don't require a detailed breakdown of privacy options, in the EU there are such requirements related to cookie use.
    Typical cookie consent toggles are: analytics, ad personalization, site performance, and embedded social features.
    While these options may or may not be required by regulations that apply to your site/service, an additional benefit of using these consents is that Concord will return the consent state for each person visiting your properties so that turning them on or off can be automated with very little effort by your web designers.

Step 2: Register consent definitions

Intro to Consent Builder and Concord Admin UI

From the Concord Admin console:

  1. Navigate to the Compliance features admin screen
  2. Create consent types using the Consent builder
  3. Be sure to create consent types for each “project” for the brand. A project can correspond to a website domain or it may be for a mobile application or even live consent events like tradeshows and healthcare.
  4. Once the correct consent types are created, copy the code to include in your sites and apps. The javascript include code also contains the project ID for the site so be sure to copy the right ones for each respective project.
  5. Concord has a code library and APIs to help developers implement apps that are not html based.

Step 3: Configuring Concord to use the new consent definitions

Privacy manager site widget

If you are using the privacy manager website widget add-in the implicit disclosure consent(s) defined for the Project will be automatically created on first page load.

Cookie consent site popup

If you are using the Concord cookie consent website add-in the registered cookie consents registered for the Project will be automatically recognized and added to the cookie consent popup.

Default behavior will be to set cookies at "allow" if users accept all or make no changes to the default consents.

Custom website experiences and applications

If you have developed your own cookie consent or site agreement features in your website or application, consents defined above can easily be added to your code using the Concord client library.