Case Study: Cookies
A win for our consulting services.
Leading enterprise program, by far.
Global Independent Audit, Tax and Advisory Firm
The Challenge
Our client — a world-renowned, global financial services leader — operates in hundreds of countries and manages 800+ active public-facing websites with diverse content and languages. To comply with data privacy regulations for each market and maintain a consistent audit schedule that ensures the integrity of legal requirements for cookie preference management and notices, a centralized cookie consent strategy was needed — not only to meet market-level privacy requirements, but to enable successful cross functional alignment and adoption across lines of business, where ownership and technical management of this vast digital real estate is the responsibility of dozens of separate internal and external teams around the globe.
Problems
Comprehensive website inventory and ownership had never been compiled, making knowing where to begin extremely difficult.
Tech teams were both internal and third party, complicating a cohesive approach to communications, implementation and ongoing assurances.
Website owners had some — but not much — understanding of data privacy laws, and were concerned about creating friction for their site visitors and taking a hit to their revenue targets.
The Solution
The project team consisted of a handful of people from Governance and the Privacy Office with a mandate to design an enterprise strategy utilizing a standardized banner and a systematic process for managing compliance.
Their review of leading cookie service providers revealed that not all solutions are the same. Framework features such as language translation, cookie definition, banner behavior, and footer protocols varied — as did pricing. By as much as 75%.
Only one vendor hit every mark the client was looking for. Our award-winning privacy compliance firm was the clear winner, exceeding our competitors in technical capabilities, verification assurances, fit-for-purpose design, pricing, and more.
And we offered consulting services, providing up-to-the-minute support for the project team as they sharpened their strategy.
To design a strategic approach, they needed to accelerate their knowledge of technical and regulatory requirements, as well as define how to publicly convey internal company values. Questions they were asking themselves and us included:
- What are the different categories of cookies we're using (e.g., essential, analytics, marketing) across 800+ unique sites?
- How did cookie data privacy laws differ by country within each region, and are these differences incremental or significant?
- What was the best way to provide transparent, unambiguous mechanisms for consent?
- Should certain websites be granted exception based on defined criteria?
- What audit cadence(s) should be set (e.g., 30 days, 6 months) to ensure continued compliance and enable tech team responsibilities?
After identifying the lowest common denominator required by law for cookie compliance, their key to success was to consider what would be a gold standard, best-in-class strategy: for their customers to get true transparency, choice, and control, and for themselves to stop chasing the ever-changing, whack-a-mole regulatory landscape.
So what did they do? In 2019, just 1 year after GDPR had passed and 1 year before CCPA was rolled out, they decided to put a cookie banner on every website in every country with an opt-in consent standard. The simplest solution.
Success
The project team decided to put a cookie banner on every website in every country, regardless of active data privacy laws, therefore truly honoring visitor choice with an opt-in consent standard for all their customers.
Amazing job!! It’s the "best-in-class" we came across so far in the banking/payment industry.
Score of 4.9/5
Data Safety Index (DSI)
The Impact
Within a 10-week sprint, 98% of all required websites had moved into compliance and implemented the banner, and our client had their first-ever centralized consent management platform.
Where previously our client's business processes, workflows, approval systems and response frameworks had been manual processes, with the deployment of Catalogue Technology, everything changed. They gained comprehensive control and visibility into their digital diaspora. Audits became completely automated with Catalogue scanning all websites in any language and penetrating complex gateways, login areas and age verification checks. Results are now shared among legal, compliance and security teams with a much deeper level of insight than ever before, and Catalogue's logical workflows, approval systems and response frameworks allow business owners and internal/external tech teams to receive, review, and respond to compliance alerts in real time.
And the project team was nominated for the Outstanding Team — Financial Services award from the Chartered Institute of UK Auditors, endorsed by their CEO of Europe and Chief Privacy Officer.
For their customers, wherever they are in the world, if they land on one of their websites, a clear and simple banner appears offering a detailed, transparent approach to gathering consent. Each cookie is in its respective category, with articulated domain, duration, and objective definition. "Accept All" and "Reject All" buttons share equal prominence side-by-side, often exceeding local regulatory requirements and always putting the customer in control. And every site footer has a link to allow the visitor to reconfirm or change their preferences for which cookies can be set when they visit.
Explore designing a cookie program for your company that is accurate and cost effective.
