Skip to main content
GetInlytics.
Blog/GDPR and Consent Mode
Compliance Guide

How to Audit Consent Mode in GTM - GDPR Compliance Checklist

Consent Mode v2 is now mandatory for Google Ads measurement in the EEA. But most implementations have gaps - tags firing before consent, CMP signals not wiring correctly, or consent banners loading after tag scripts. Here is a complete audit checklist.

By GetInlytics·9 min read·May 2026

What Consent Mode v2 requires

Google Consent Mode v2 requires two new consent signals: ad_user_data and ad_personalization, in addition to the original ad_storage and analytics_storage. These must be set to 'denied' as the default state and updated to 'granted' when the user accepts the relevant consent category.

Without these signals configured correctly, Google Ads measurement in EU regions becomes restricted - affecting your Smart Bidding, conversion tracking, and remarketing audiences.

Consent Mode audit checklist

1

Verify gtag consent defaults are set before any tags fire

Check your GTM container for a Consent Initialisation trigger. The gtag consent default command should fire before ALL other tags, including the Google Analytics base tag. In GTM, use a Custom Event tag set to fire on "Consent Initialisation - All Pages".

2

Check all 4 consent signals are set to denied by default

The default state for EEA users should deny: ad_storage, analytics_storage, ad_user_data, ad_personalization. Open GTM Preview, clear cookies, and reload the page. Check the dataLayer events for a consent_default push with all four signals set to denied.

3

Verify CMP consent update fires when user accepts

Accept the consent banner and check the dataLayer for a consent_update push that sets the relevant signals to granted. This push must come from your CMP (OneTrust, Cookiebot, etc.) and should happen immediately after the user clicks Accept.

4

Check that tags respect consent signals

In GTM, your Google Ads and GA4 tags should have "Requires additional consent" configured with the appropriate consent type. Tags should show "Consent not required" or "Consent granted" status in GTM Preview - never "Consent denied" if you expect them to fire.

5

Verify modelled conversions are enabled in Google Ads

Go to Google Ads → Tools → Measurement → Conversions → your conversion action. Check that "Include in conversions" is enabled and that "Consent settings" shows Consent Mode is active. This enables Google to model conversions for sessions where consent was not granted.

6

Check GDPR region-specific behaviour

Some CMPs implement consent mode only for EEA regions. Use a VPN set to Germany or France to verify that the consent banner appears and that consent mode is active for those sessions.

7

Monitor violations continuously

Manual audits only catch issues at the moment they run. Deploy a continuous monitoring solution to catch violations that appear after GTM changes, CMS updates, or CMP configuration changes.

Common consent mode failures

GA4 tag fires on page load before CMP banner has a chance to load
CMP configured for EU but not including all EEA countries
ad_user_data and ad_personalization signals missing (v2 only)
Consent update event fires but uses wrong consent type names
GTM Preview shows tags firing in "Consent Denied" state
Mobile users not seeing the consent banner due to CMP configuration

Related articles and resources

How to Monitor GTM Tags - Complete GuideTagSense Consent Monitoring DashboardTagSense for DPOs and Compliance Teams

Monitor consent compliance continuously

TagSense captures consent state at every tag fire and logs violations automatically - tag name, page, region, count, severity. No manual audits required.

Consent monitoring featureView pricing