Best Practices For Managing Tracking Services

DataGrail Consent provides a much needed solution for privacy managers looking to achieve verifiable compliance while balancing the needs of important marketing and development stakeholders and ensuring a successful Consent program.

Legacy consent solutions over-rotate on Cookie management, which is only one type of technology used to store and transmit personally identifiable information (PII). In contrast, DataGrail Consent provides privacy teams full control over all trackers your company uses to provide a personalized experience for your users.

Use this guide to follow a step-by-step approach to managing Consent for all trackers across your company’s digital experience. As with any project, you can start small and cover the level of tracking before moving on to the others. Where you start depends on your access to the IT resources necessary to complete it.

What Needs to be Managed by DataGrail?

To successfully implement DataGrail Consent, you’ll need to understand your company’s tracking strategy. Your website and apps are composed of several services that work together and make up your businesses’ user experience, and many of them do some sort of user tracking in exchange for providing a personalized digital experience.

DataGrail can support you in understanding the services running on your site with tools and in-house expertise to help teams understand all the areas that need to have consent management in place. Using the Privacy Inspector, you can get a quick sense of the trackers deployed on your site to begin internal conversations with the marketers and developers who deployed these services on your website.

Services that employ PII across your digital experience may be deployed or otherwise use PII via the following methods:

• A Tag Manager: Google Tag Manager, Segment, and Adobe Launch have controls in place to read a user’s Consent preference and change the behavior of what services they deploy to your site.
• Your website’s consent management system (CMS): Wordpress, Shopify, and CMSs have built in mechanisms to deploy services that offer personalization capabilities, sometimes via apps that you install within the provider itself.
• A direct implementation: 6Sense, AdRoll, HotJar, Drift, and other solutions may have been added to your site directly using a piece of code. [Advanced] An external ad network: Your team may communicate with other ad networks to place ads on your site, which check a database that you host for the customer’s consent value.

Inverted Pyramid Implementation Approach

We recommend starting with the parts of your digital experience that are responsible for deploying the most services to your website, working your way down towards targeted, direct implementations to manage the remaining services. Working in this way will help you achieve the most coverage for DataGrail to control services that run on your site depending on a user’s consent preferences.

Your Website’s Content Management System (CMS) is usually the first place that your marketing and development teams use to manage the deployment of tracking services, since they often provide built-in apps and control mechanisms that change how services behave based on a Consent preference. For products like these, developers can use our browser APIs to manage them. For example, Shopify has a built-in mechanism to globally control how apps (added within the Shopify app store) run based on a user’s consent preference. Using our DataGrail APIs, you can retrieve the user’s consent and pass it to this API to block any services that have not received end user consent.

Next, you can handle trackers that may be added via your website’s Tag Management System (TMS). A TMS helps marketing teams control how services are deployed to your website based on events that occur while customers use your website. Many marketing teams have standardized processes to use a TMS to be the sole mechanism to deploy services on your website. DataGrail has a foundational integration to Google Tag Manager, a TMS used by 90%+ companies today.

You can manage services that are directly embedded onto your website using DataGrail’s inline script management capabilities. You can manage these services alongside those within your TMS (also known as “tags”) so you have a single view of all services deployed across your websites.

Once you’ve configured all of the services across the various implementation layers, you’ll need to publish all of your changes to your website. For more on the testing and deployment, see this guide.

What About Cookies?

Services deployed via the methods above may sometimes store data – Cookies – on your customer’s browser to offer personalized features. By managing the service, you manage the cookie. When DataGrail receives a consent preference from a customer, it blocks any configured services from functioning, which means they no longer have access to the stored cookies on a customer’s browser.

If you need to report on and manage first-party cookies for compliance purposes, you can use our cookie management features. After deploying DataGrail Consent, our real-time cookie scanning mechanism will detect any cookies running on your site and report them to DataGrail. This allows you to create rules that our software will use to manage cookies.

Summary

DataGrail offers many mechanisms to manage the services that require user consent, and we recommend a methodical approach to a successful consent deployment. If you are a privacy manager facilitating the deployment of DataGrail Consent across your websites, we hope this guide is useful in shaping your project plan and understanding how to involve your marketing and development teams.