Data governance: Manage and control your data assets while remaining compliant with regulations

On June 1st, François Labonne, Head of Professional Services, and Nicolas Naparty, Customer Success Accelerator at Commanders Act, hosted a webinar on Data Governance, with a particular focus on data management and monitoring in a compliance context. Here’s what you need to remember.

If you haven’t followed episode 1, you can find a 👉 summary here 👈

Optimize your strategy with our white paper on data governance for marketing performance!

  1. Managing your data compliance

1.1 GDPR issues at the heart of data governance

Making your data compliant includes 4 main pillars on which you can build:

  • Centralising and managing consents to provide a single repository on which your organisation can rely to understand data consent
  • Access to your data at all times so that it is available to end users on request
  • Integrating the management of contacts’ right to be forgotten, a concept that your platform must be able to manage
  • The deletion and/or anonymisation of personal data, following non-action by users within the various contact points that you may run

To address these pillars, Commanders Act has deployed various solutions to support its customers in implementing compliance, including its Consent Management Platform.

This enables banners to be deployed to manage user consent depending on navigation (web or mobile application).

You can improve user consent management by creating a personalised preference centre where online and offline consent (e-mail, SMS, etc.) are merged around unified users.

Various APIs on the Commanders Act platform are available to connect to the entire customer repository built through your data governance strategy and give you the option of querying the constituent elements of the user profile.

You can also customise a web page to display this information to visitors who wish to manage their consent and personal information via a landing page.

If you want to go further, you can simply set up a space for your brand and your customers to share information on the platform.

1.2 Understanding the current context

Based on the data from our Privacy Barometer 2023, all sectors are affected by a drop in the average opt-in rate on desktop (71% opt-in in 2023) and also on mobile (80% opt-in in 2023). However, this remains similar to the average rates observed in 2022 (74% on desktop, and 83% on mobile in 2022).

Our study also shows that classic pop-ins similar to this one are still the best performers.

Go to our last edition of the Privacy Barometer

This slight drop in the average opt-in rate has multiple causes, one of which is that visitors have got into the habit of seeing the “Continue without accepting” button at the top right of the consent banner. To counter this, some brands have moved this button so that it is not clicked by reflex, but rather encourages visitors to read the entire message before making their choice.

Another point to consider is the colour code. It influences whether or not visitors accept cookies and allows the acceptance button to be subtly highlighted. Organisations that include red in their graphic charter are underperforming if they persist in keeping the “Accept all” button in red.

In terms of consent scenarios, these scenarios, designed to force users to make more clicks, are not only on the red line as far as the CNIL is concerned, but do not produce the best results.

This tendency to under-perform also affects multi-domain sites, where visitors are repeatedly asked to give their consent each time they change domain.

1.3 Strategies and actions to be implemented

To optimise your consent rates, you can use re-optimisation scenarios. Using graphic elements, these scenarios aim to suggest that users give their consent on specific points (e.g. integration of a YouTube video) so that they can still access the content offered by your site.

These sites display banners, pop-ins or direct integration instead of content with a message “You’re only 1 click away from all the features we offer on our site” to encourage visitors to change their choice.

You have 3 options for integrating this banner:

  • The pop-in may be displayed after the user has clicked on “Continue without accepting”, on the 2nde or 3ème page viewed, or when the user revisits the site to update their consent.

Be sure to include a reminder of the context and objectives so that visitors understand the purpose of your approach.

  • The “cookie button” for easy access to your choices regarding consent.
  • A simplified banner, displayed a few seconds after the choice has been made or when visiting other pages, so that visitors who have explicitly refused to give their consent can change their mind in just 1 click.

1.4 Solutions for your Data Protection Officer (DPO)

Providing your DPO with a range of resources is essential for responding to end-customers about access to their data, but also for carrying out operations on that data.

  • If a user wants to access all their personal data hosted in your database, the APIs available in your platform will allow you to retrieve the user’s complete profile using all your tools.
  • Simply export data directly from the platform
  • Get an overview of logs within the platform via the User Log. All interactions with the data are tracked and stored so you know who did what.
  • Ensure that your customer/prospect data is accessible at all times
  • Respond to your users’ requests and rights regarding the deletion of data, including the right to be forgotten. Data anonymisation and purging protocols are available, enabling the DPO to manage the accessibility and management of personal data stored within the platform.

1.5 Recommendations on data retention periods

2. Segmentation : activating the right audience on the right channel

Achieve effective segmentation at the heart of data governance by focusing on data that is useful for segmentation, personalisation and analysis.

The data types you need can be integrated into your platform:

  • Browsing data (sections/pages visited, URL, device, frequency of visit, etc.), which can be activated on our platform via the Tag Manager System CAX, which enables you to collect data in real time.
  • Campaign tracking data (display impressions, e-mail opens, conversion amount, etc.) can be activated via Campaign Analysis CAX and is also available in real time.
  • Data from the CRM / Data Lake (options subscribed to, house score, age, etc.) available in the Data Activation CAX
  • 2nd party data such as location, look-a-like profiles, also available in Data Activation CAX

However, PII (Personal Identifying Information) is sensitive data that requires encryption to ensure compliance and prevent any leaks. This encryption is possible thanks to Commanders Act’s Data Cleansing functionality, which enables events to be transformed and corrected in real time, and is carried out in no-code or low-code.

Once the data is compliant, standardised and processed, Commanders Act provides its users with various interfaces for mixing all the criteria and data from your website, mobile application, CRM, partner database, etc. centralised within your database.

Dashboards are also available to monitor the development and exposure of your segments. These enable you to :

  • Understand how your audience is divided and grouped into your segments
  • Reduce marketing pressure by not activating similar audiences
  • Refine your segments to make them more relevant
  • Select a period of time and analyse the evolution of users who have entered or been withdrawn
  • Analyse changes in the overall volume of users

Several uses for dashboards :

  • Acquisition – Exclude buyers: when you set up an Adwords campaign to retarget users who have already been exposed to your products, you can use these dashboards to exclude people who have already made a purchase on your website and target only relevant people.

  • Contextualisation of the experience: after a user’s first visit, their browsing data is stored. On a second visit, you can activate this data to display the last products seen and encourage users to add them to the shopping basket.

  • Customer knowledge : provide enriched customer knowledge by detecting your visitors’ channels of appetence to push your segmentation and get in touch on their preferred channel.


Implementing a Data Governance strategy enables fine-grained management of consent, so that we can interact with users on the channels that are right for them and at the right time.

Find out more about our consent management solution by clicking here: 👉click here 👈