Getting Started with Concord
This guide walks you through the basics for setting up and deploying Concord’s Consent Banner and Privacy Center to your web site. It includes three quick phases of setup (configuration in the Concord app, initial deployment and testing on your website, and finally going live in production). For single web site rollouts, this can be completed in just a few hours end-to-end. If you have any questions, please reach out to us through our help center or at support@concord.tech.
If you haven’t already signed up for Concord, you can do so through this form.
Initial Setup & Configuration in the Concord Admin App
Consent Settings:
Begin by making a few changes under Consent → Consent Settings.
- Blocking Mode controls when cookies, tracking scripts, and iframes (trackers) are blocked or allowed by Concord.
- During the setup process, we recommend that you initially set the blocking mode to Discovery. This mode collects information from your site which is used to classify trackers without blocking them.
- This allows Concord to automatically classify the most common types of trackers, while giving you the flexibility to customize the categorization and blocking to your needs. While in Discovery mode, trackers are automatically identified and matched against our expansive global database of known trackers. Here is how they will be tagged if we don't find a match:
- Unmatched cookies will be marked as "unclassified". All unclassified cookies should be set to a category in the Concord Admin UI.
- Unmatched scripts and iframes will be marked as "ignored". Scripts and iframes that identify, generate, or store data about users should be classified. Scripts and iframes that don't interact with any type of user data or IDs can remain in the ignored category.
- You will keep this setting in place until you are ready to go-live on your production site.
- When deploying to production, you will set this to Strict or Permissive.
- Strict is recommended as all cookies that aren’t categorized as strictly necessary are blocked without user consent. This is typically required for full compliance with stricter privacy laws like GDPR. Note that ignored scripts will always run regardless of the blocking mode setting.
- With Permissive, categorized trackers are blocked, while unclassified cookies and ignored scripts and iframes are still allowed to run regardless of user consent.
- Consent Mode controls how user consent is received and can be set to Express or Implied mode.
- Express is recommended as opt-in consent is required by laws like GDPR and it gives your users full control over their consent choice. In Express mode, the user must interact with the banner or Privacy center to set their preference.
- Implied mode will generate implied consent events when the user first arrives on your website. This aligns with opt-out laws like CCPA/CPRA in the United States.
- Enable Do Not Sell / Global Privacy Control can be configured as desired or required by law. Laws like CCPA/CPRA in the United States require these to be enabled, so we recommend setting them by default.
- Check out this article more information on consent settings.
Branding:
You can easily tailor Concord’s user experiences, including the Consent Banner, the Privacy Center, and the Floating Button, to align with your company branding. Branding settings are shared across user experiences and can be setup under User Experiences → Branding. Within the Branding section, upload your company logo and set the primary and secondary colors according to your own brand guidelines.
User Experiences:
Next, navigate to User Experiences → Website Experience to configure the following user experiences:
- The Consent Banner shows when a person first visits the site and it provides an interface for them to express their consent preferences. In the Concord app, you can choose if the banner is shown or not, where you want to display the banner on the webpage, the banner theme (light or dark background), the buttons shown, and the desired copy for the different elements (e.g. header, body, link text, button names).
- Privacy Center is a branded experience where visitors can access privacy policies, view and edit the types of tracking they have provided consent for, and make certain privacy related requests (view, change, delete, and do not sell). Here you can show or hide various modules, including privacy disclosures and consent history, and you can customize the copy throughout the Privacy Center. Please note that Privacy Requests and Do Not Sell form requests are enabled by default. If you want to turn this functionality off, you can find these controls on the Privacy Settings page under the Privacy Requests section.
- The Floating Button appears in a convenient location on the site to quickly navigate to the Privacy Center. Floating Button settings include enablement of the button, the location of the button, the button theme (light, dark, or branded using your secondary color), the button type (tab with text or circle button), and button options (text for the tab option or icon for the circle button type. Alternatively, you might elect to hide the Floating Button, while providing a direct link to the Privacy Center in your footer or other site navigation.
Deployment & Testing
- Deploy Concord’s embed code on your website for testing. This can be found under Deployment → Deploy Settings → Embed Code.
- Review several pages to ensure the Consent Banner, Privacy Center and Floating Button all work as expected. Verify that the colors, logo, and copy look correct. If you legal, privacy, or marketing team would like some changes made, updates can be quickly made in the Concord app without having to change any code on the site.
- Classify cookies and trackers that are detected by Concord via our real-time automatic detection. Review and edit the categories as needed on the Consent → Cookies & Scripts page .
Go Live in Production
- Change Blocking Mode on the Consent Settings page from Discovery to Strict (recommended) or Permissive. Note that when this change is made, Concord will begin blocking scripts and cookies.
- If the previous deployment and testing was done on a separate testing/staging website, make any other desired production changes to your configuration and deploy the same code you used in testing to your production web site.
- Run through another check to make sure core visitor flows and branding look and function as expected.
What’s next?
- Ready to start thinking about privacy compliance and governance? Check out managing privacy requests and data mapping.
- Subscribe or follow our Blog to stay up to date on the latest industry trends and cool new Concord releases.