Can the GDPR and Tag Management work in harmony?

GDPR et Tag Management peuvent-ils faire bon ménage ?

“How can you prepare yourself for the GDPR without becoming blind; in other words, without losing the analysis data for your digital audiences?” That is the major worry currently preoccupying digital marketing teams. Since the GDPR sets out an entirely new order for managing personal data, companies must adopt new consent practices. Consequently, the entire tag management process must likely be revamped, including tag activation and the corresponding services (tracking analytics, retargeting, personalisation, etc.).

What is consent?
The concept is very clearly defined. Consent must be obtained in a way that is totally unambiguous. To obtain consent, you must clearly and explicitly explain to each person why you are processing their data. Furthermore, for it to be considered as freely given, the consent must constitute a genuine choice (and not an obligation). This means they must be able to access the service even if they refuse to give their consent.

These new practices raise 3 questions:

  • How can you make obtaining consent as simple as possible?
  • How can you minimise the time between obtaining consent and tracking reactivation?
  • How can you streamline tag management in the long term?

Everyone is still looking for the perfect formula to obtain consent. It can sometimes be tough to find the right image or words to explain in a clear and informative manner the purpose of the service without losing their interest. In an ideal world, you would use A/B testing to compare the success of different messages. However, for many companies, with just a few weeks before the GDPR comes into force, time is running out.

Technical challenge: how do you reactivate tags straight after obtaining consent?

Once consent is obtained, another challenge emerges: how can you reactivate tags as soon as possible and preferably before the user begins any other interactions? The only way to minimise this delay is to directly connect the consent banner to tag management, which requires a TMS (Tag Management System) also capable of managing consent. In the case of TagCommander, Commanders Act’s TMS, this falls under the remit of the specialised ePrivacy module.

This module can directly link consent for a specific purpose, for example analytics tracking, to the corresponding services and tags. Therefore, as soon as a user gives their permission, and before their next interaction, the tag container is immediately reloaded and the relevant tags activated.

And what if your TMS isn’t capable of handling privacy issues? In this case, the solution is to add lines of code for each tag to check consent has been obtained and handle activation accordingly. Such work, given the sheer number of tags involved (Commanders Act’s clients have on average 16 tags per page), soon becomes a chore and will be extremely labourious to maintain in the long run.

GDPR: an opportunity to streamline tags

This agile management of tags heralded by the GDPR does not only require the right equipment, but also a lot of mapping beforehand. The aim is to organise tags based on their purpose — so you can request the correct consent — and carry out a spring clean. During these ‘inventories’, it’s not uncommon to come across ‘forgotten’ tags, activated for partnerships that no longer exist but…which continue to transfer data.

This investigative work is also a chance to go even further and consider second-level tags. These tags are often a source of data leaks to unidentified third-parties. Once again, the TMS can prove to be vital as it can re-establish the tag hierarchy and allow for any interlopers to be deactivated. This is exactly what TagCommander does via its TagFirewall feature, which uses lists (white and blacklist) to identify authorised and unauthorised tags.

Second-level tags?
As their name suggests, these tags are called by the main tags activated on a website. An example would be an advertising or testing tag that requests other tags to help provide the service. Therefore, one type of tag, for which a user has given their consent, may call upon a second-level tag that the original site cannot directly access, and therefore lacks the necessary consent.

As marketing teams undertake measures to comply with the GDPR, which at first sight may seem like a hindrance, it becomes clear that ‘Less is Better’. A change that bears a striking resemblance to that of mass emailing, whereby after a fervent start (with a saturation of audiences), stakeholders adopted wiser and more simple practices. For tag management, this translates into only implementing tags that are truly useful for providing and managing the service, since over-collecting is clearly counterproductive. Could the GDPR be seen as an opportunity? It doesn’t seem too far-fetched…