What is a CMP (Consent Management Platform)?

What is a CMP (Consent Management Platform)?

7 months ago
João Bruno Soares
1 minute

With the approval of the GDPR - General Data Protection Regulation, implemented in May 2018 in the European Union, companies and organizations have started to pay full attention to consent, data processing, usage, and storage.

However, many companies make the mistake of focusing only on consent as a compliance strategy. Why would that be a mistake?

Because consent should be given throughout and for the entire data processing process, and it can be reviewed and revoked at any time. In addition, other Legal Bases of LGPD, for example, require different conditions for data usage, including consent.

This work must be done carefully and in detail to actually be able to process a person's data. Now, can you imagine how to manage the data and consents of millions of customers? That's what a CMP is for.

What is a CMP?

CMP stands for "Consent Management Platform."

A CMP is a tool/platform used to manage the consent of up to millions of users so that a company can use the data of these users for its previously stated purposes. Or, as required by LGPD, "for specific purposes."

This includes knowing what each user has consented to and giving them the opportunity to review their consents, which can be revised and even revoked, as allowed by the law.

In practice, the consent management platform works as an intermediary between the visitor and the website owner.

But, before understanding the purpose and usefulness of a CMP, we need to understand the importance of consent in the context of LGPD.

Why ask for consent?

According to the General Data Protection Law, consent is the "free, informed, and unequivocal expression by which the data subject agrees to the processing of their personal data for a specific purpose." In other words, consent is permission given by the user for you to use their data.

What are the rules and guidelines for this consent? This is precisely what documents like the Privacy Policy and, in some cases, even the Terms of Use are for, as they materialize how the company intends to use the data.

That's why whenever there is a change in the Privacy Policy or Terms of Use, consents must be collected again!

Any data used without the user's consent (referred to by the law as the "data subject") would be infringing the regulation. The fines for such misuse and violation of privacy are high, and you can read more about them in this other article: Learn more about fines under LGPD.

The CMP's function, therefore, is to manage consents by recording in writing:

  • What user X consented to?
  • What user X no longer wants to consent to?
  • Which consents did user X revoke and how does it affect you?
  • When did these events occur?
  • What is the order of events for a clear understanding of user X's interactions?
  • Integrating user X's choices with other tools that need this information for data processing.
  • Recognizing the visitor's access country and displaying the banner in the visitor's language and legislation.

This way, you won't run any risk of processing data in a way that is not authorized by law, ensuring the ethics of your work and the privacy of your customers.

But you might wonder: Can't I do this differently, saving money? Is a CMP only for this?

Well, that's what we're going to find out.

Do I need a CMP?

To answer this question directly: no, you don't need one.

In simple terms, the CMP's function is to show the user, with a pop-up or banner, the consent options and prove that the user has actually accepted the processing of their data, as well as remove and update previously consented data.

However, doing this manually is impractical, especially considering hundreds of thousands (or millions) of visitors to your site. The CMP allows you to have all this recorded and even update the Privacy Policy and Terms of Use to keep the user informed.

And why is it important to document consent automatically?

Suppose several users whose data is being processed say, "We do not authorize the use of our data." How can you prove that consent was given among a queue of a thousand, two thousand, a million requests?

With a CMP.

Remember: the important thing is to comply with LGPD and not harm your business. After all, before the fines, this process is time-consuming, and instead of focusing on consent management, you could focus on making sales and selling your product!

The means used to comply with the law in practice are chosen by you. The CMP is here to help you.

How does a CMP work in practice?

For the user, in practice, the CMP displays a banner that the website uses cookies and collects data and information from its users. The banner, usually in a pop-up, explains the purpose for which the site processes the data. Along with the banner, there are options: the user can accept all forms of processing, accept only some, or accept none.

The consent management platform is also responsible for integrating your Privacy Policy and Terms of Use. Furthermore, as required by LGPD, tags must be organized for specific purposes. A CMP like AdOpt allows this to be done simply in a customizable interface.

In this article here, we delve into the step-by-step of a cookie banner!

What is important for the DPO?

The Data Protection Officer (DPO) is the professional responsible for overseeing data preservation and compliance with the law.

Since the DPO is the link between the company and the ANPD (National Data Protection Authority), it is essential that they educate the company and teams.

The main task of the DPO is to accept requests, complaints, and communications from data subjects, taking steps to ensure their wishes are respected and met. The workload is significant. The CMP, in turn, ensures that data will be well managed and consent will be documented and easily accessible.

In this way, the CMP streamlines the work of the Data Protection Officer. They won't be overwhelmed, and the company won't need to increase the team to handle the task, which would significantly increase operating costs.

LGPD has already required all websites to update their way of working. It is normal for many questions to arise and initially seem difficult. But remember that we are here to answer your questions.

And if you want to know more about how a CMP can specifically help your site, click on this link and get in touch.



Related posts

Adopt post

How to choose a Cookie Banner for your website

What are the criteria for this choice, and what are the strengths and weaknesses of each option? Well, we're here to help you because this decision needs to be well thought out!

Adopt post

Best practices in tag categorization

It's time to talk about one of the most impactful tasks, both for the company and for the visitors of your websites: tag categorization. But why is it so impactful? What is the relevance of this configuration and how can it affect us? It is precisely because of these common questions we receive from our clients that we have written this article on best practices in tag categorization.

Adopt post

How long can we ignore LGPD?

LGPD is in effect. Despite that, there are still many companies ignoring it, but is that possible? How long can we ignore LGPD?

Adopt post

The Impact of Cookie Banners on Your E-commerce - LGPD

Having a cookie banner on your brand's website has become indispensable for many. However, for e-commerce websites, it has practically become an obligation to have one. This is because this type of website has a technological composition in which cookies are a structural part. Login flow, items in the shopping cart, recommendation showcases, remarketing... Most of them rely on cookies.

Adopt post

How does a cookie banner operate?

Here is a step-by-step explanation of how consent registration works in AdOpt.

Adopt post

How to Choose a CMP (Consent Management Platform)?

Using a CMP (Consent Management Platform) is a great way to make efforts to adapt to new privacy regulations like GDPR, LGPD, DPDPA, CCPA and more...

Adopt post

Why are cookie banners everywhere?

Want to understand why there are cookie banners on every website you visit today? This article is for you!

Adopt post

LGPD and Cookies all do you need to know?

In this article, you will have a great introduction to the topic, as well as various other variations that revolve around the subject: Cookies and LGPD.

Adopt post

What is the difference between cookies, local storage, and session storage?

Despite cookies being more well-known, what is the main difference between cookies and session storage and local storage? Why choose one over the other? This article will help you with these doubts!

Adopt post

We've created a cookie banner plugin.

The WordPress platform powers nearly 450 million websites globally, and it's estimated that 50% of Brazilian websites are on this platform. We are ready to help you, WP lovers!

Adopt post

LGPD: An Opportunity for Digital Marketing Agencies!

Have you ever thought that your marketing agency could find a great business opportunity in LGPD? Well, unlike what many think, it brings changes that can accelerate the demand for the services of these companies.

Adopt post

5 Signs Your Website Needs an Cookie Consent Strategy

How does your website handle LGPD? What strategies does it use to comply with the General Data Protection Law? Have you thought about using a cookie notice but don't know if your site has cookies or if it's enough? If you can't answer these questions, be cautious! Your page may be exposed to fines and other sanctions.

Address: 7345 W Sand Lake Road, Ste 210 Office 5898 Orlando, FL 32819
EIN: 86-3965064
Phone: +1 (407) 768-3792



Legal Terms

© GO ADOPT, LLC since 2020 • Made by people who love