Updated: May 29
What is considered personal data?
Anything that could directly OR indirectly identify a person, for example, phone number or email address.
How hard is it to add the CMP to a website?
It’s a simple piece of java code on your site, then you can customize it on the back-end dashboard whenever you’d like.
Where do I need to store the data from the CMP?
This is the benefit of working with a CMP, Adzapier handles data storage and all fees associated. The CMP makes it easy for a visitor to your site to request their data from you. (DSAR)
I don't want to negatively impact the user experience on our site, will the CMP continue to pop up every time someone comes to my site?
No, users will only see the CMP prompt the first time they log in, if they clear their cookies, they'll see the request again. I understand it could seem like a negative experience, but people are becoming used to these, and it shows you value your audience's privacy.
What companies must comply with GDPR?
GDPR affects all companies based in the EU and companies anywhere in the world that retain EU residents' data.
So, if you're in the EU you need to have a CMP today, and if you're outside the EU but get any site traffic from the EU that you retain you also need a CMP today.
Who does CCPA affect?
Businesses that buy, receive or sell the personal information of 50,000 or more consumers, households, or devices. Businesses that derive 50 percent or more of their annual revenue from selling consumers’ personal information; or those that have gross annual revenues greater than $25 million.
For-profit companies you do not have to be based in CA – it is applied to the data of CA residents – the 5th largest economy.
Regardless of how many states produce their own versions, it is far easier for companies to comply with the toughest versions knowing everyone else will fall within those most of the time.
What happens if I don’t use a CMP?
If you retain cookie data without consent. Especially if there is a data leak, you may be fined up to 4% of your revenue. Businesses that fail to comply with these requirements could face litigation, as well as other regulatory enforcement actions.
Can we handle privacy consent compliance in-house?
Many corporations choose to build and manage an in-house consent management platform (CMP), but this is often not the best option for most brands and publishers. Managing a dedicated team of compliance specialists can be expensive and time-consuming, the best way forward for most brands and publishers would therefore be an off-the-shelf compliance solution, due to its flexibility and adaptability.
Why is consent management important?
If your business collects personal data from customers, it must be used for a specific purpose. In this sense, using CMPs (Consent Management Platform) to collect data directly from visitors allows you to comply with this rule, as all information is then stored and used accurately per the terms of the privacy regulations.
How can I launch a CMP on my site?
How does consent management platform work?
A consent management platform (CMP) is a system that websites use to manage the way they obtain consent/releases from users in order to process their data, typically through cookies and web trackers, usually on the domain.
How do you manage consent?
• GDPR requires asking for consent prior to collecting data, CCPA requires transparency around the data collected, how it is used, and who it is shared with along with effortless ways to opt-out and other data subject access requests.
• All consent should be securely stored in a documentation system to ensure immediacy in case of future requests for proof of consent.
How long is user consent applicable for?
As there is no specific time limit under the CCPA, consent will last for as long as it is given and can be withdrawn at any time, with consent only applying to the specific purpose for which it was generated. If the parties involved wish to use personal data in a different way or for a new purpose, then fresh consent must be acquired.
Can an organization be sued for accessing visitors' data without their consent?
Yes, an individual could be ordered to pay damages in a civil lawsuit against them or a hefty fine of ($5000 to $100,000) depends on the number of violations. So, if someone recorded your data without your consent, it is considered a theft of your privacy, and you can initiate a lawsuit against them.