GDPR and CCPA Compliance
Without Breaking Your Analytics
Most consent implementations are either too aggressive (breaking your analytics entirely) or too permissive (firing tags before consent). We implement consent correctly - compliant with GDPR, CCPA, and regional regulations, wired to Consent Mode v2 so your data keeps flowing legally.
What We Implement
We cover the full compliance stack - from CMP configuration to Consent Mode v2 integration and post-implementation audit.
CMP Setup (OneTrust, Cookiebot)
Configure your consent management platform to correctly scan, categorise, and block cookies before consent - and release them correctly after.
GDPR and CCPA Compliance
Audit your full data collection stack against GDPR and CCPA requirements. Identify where personal data is collected without lawful basis and build a remediation plan.
Google Consent Mode v2
Wire Consent Mode v2 signals from your CMP to GTM and GA4 so Google can model conversions for opted-out users - maintaining reporting without breaking compliance.
Post-Consent Tag Audit
Verify that no tags fire before consent is given, that the right tags fire after each consent category is accepted, and that your audit log is complete.
The Most Common Compliance Failures We Find
Most sites that have a consent banner are still not fully compliant. These are the failure points we audit for.
- Analytics and ad tags firing on page load before consent is given
- Consent banner not blocking third-party scripts via the CMP - only hiding them visually
- Consent Mode v2 signals not configured, so GA4 cannot model opted-out users
- No server-side record of consent stored for regulatory audit purposes
- Cookie scan not updated after site changes introduce new third-party scripts
- Pre-checked or deceptive UI patterns that do not meet GDPR freely-given consent requirements
Regulations We Cover
We implement consent frameworks that satisfy the key privacy regulations applicable to your audience.
Frequently Asked Questions
Does implementing a consent banner break my analytics?
A poorly implemented consent banner will. We implement Consent Mode v2 correctly so GA4 uses modelled data for users who decline cookies - maintaining your reporting accuracy while staying compliant. You will not lose all visibility into opted-out users.
Which consent platforms do you work with?
We work with OneTrust, Cookiebot, Usercentrics, TrustArc, and CookieYes. We also implement custom consent solutions when a CMP is not appropriate for the use case.
How do I know if my current consent setup is compliant?
Common failure points include tags firing before consent is given, banners not blocking third-party scripts correctly, no consent record stored for audit purposes, and Consent Mode v2 signals not passed to Google correctly. We audit these failure points and provide a prioritised fix list.
Know your compliance posture before regulators do
Run a free gap analysis to see where your current setup fails, or book a call to discuss a full compliance implementation.