How Does Consent Management Platform Work?

The implementation of the GDPR in 2018 brought a lot of changes in the data industry. One significant one was the introduction of the Consent Management Platform (CMP). This is software that allows a business/company’s website to collect and handle their clients’ personal information. It’s not that they were not doing so before. But a CMP complies with the provisions of the GDPR.

If you are unsure if your website is GDPR compliant, you can contact the data experts at Ethyca. Their knowledge and experience in data privacy regulations will help you stay on the right side of the law.

What is Personal Data?

Before we dive into the content, it is prudent that we define what personal data/information is. This is a type of information that can be used to directly or indirectly identify a living person.


‘Do you accept cookies?’ This is a question that most of us have seen when logging into websites. With regards to personal data, cookies are the center of it all. Cookies can be defined as small text files, used by websites to track users, generate analytical data, point targeted marketing solutions, and more; depends on the function of the cookies.

Cookies are usually stored on the user’s browser when they log onto a website. Cookies will contain IP addresses or unique IDs which can be used to track/identify a user. This qualifies as personal data. Cookies can be used to track your activity across many websites or also share your information with other marketing entities.

Consent Management Design

A functional CMP has three essential parts: consent collection, the consent management engine, and the data processing unit.

As a business, you should recognize the different preferences of the customer/client. That way, you can be sure of the consent collection points required to obtain personal data/information. Often, consents are collected through many channels: websites, contact centers, mobile apps, user profiles, and points of sale.

Consents once collected are stored in the central consent repository, also known as ‘the records of consent’. The repository is a secure database and will ideally contain all processing data from the different data subjects.

Different data subjects have declared their stand with regards to their consent preferences. It is the work of the consent management engine to identify data subjects and sort them out in terms of their consent preferences. How data is handled by the consent management engine should meet GDPR provisions and regulations.

Data processing is the next step, after sorting between data subjects who have accepted consent and those who have withdrawn consent. The typical data processes are marketing communication and analytics.

Through marketing communication, organizations will ensure that communication in the future is always in line with the preferences of the customers/clientele.


The ideal Consent Management Platform helps you track, monitor, and respond appropriately to the requests of a visitor. The CMP can track their movement from the moment of opt-in to the closing of the tab.