Onetrust is a privacy & Data Governance platform. They have a lot of products which helps websites to align as per GDPR & other privacy policy compliances. One of it's products is Cookie Consent which helps to categorize website cookies into different categories (Strictly Necessary,Performance, Targeting etc..)
I will include a few basic steps which will help you to get started with Cookie Compliance & also I shall include a few configuration changes we will have to do if the website is using GTM (Google Tag Manager) as the tags which GTM fires based on certain triggering action, stores a lot of cookies in the visitor's browser.
Following are the Steps To Get Started For Cookie Compliance :
Configuration on OneTrust End :
First, we will have to enroll for OneTrust's trial account. To begin with for a POC, you can use a trial account. OneTrust provides 30 Days trial account. Although there are a few limitations of a trial account :
You can use only 1 domain as a part of your trial account.
You can scan upto 100 pages of your website as a part of trial account.
You cannot export details of your website's cookies which OneTrust provides you after initial scan.
You cannot use your branding (website logo, cookie policy) on OneTrust Cookie banner.
To enroll for a trial account, navigate to following free trial account page & enter your details :
https://www.onetrust.com/forms/cookie-scanner/
Once you have enrolled for a trial account, you will get your credentials (username & password), with that login to OneTrust Cookie Consent dashboard which will look something like this :
Click on Add Website button to start scanning your website to identify different cookies. One you click on it, a new screen appears. Enter your domain of your website. If you have different environments (Dev, Staging, Prod) only use Prod domain :
Follow subsequent steps & start scanning. It will take some time. Once it's completed, you will see completed status in your website tab.
Once the scan is complete, click on the Categorization tab in the left pane of the dashboard. There under Cookies tab, you can see all of your website cookies with their categories assigned by OneTrust :
Under Categories tab, you can see all default cookie categories which OneTrust has :
Sometimes, OneTrust may not be able to categories all cookies. For those cookies, OneTrust will categorize them into Unknown category. In that case, you will need to recategorize them manually. Holistic details of your website cookies you can see by clicking on your website name :
As you can see, we have one unknown cookie. In this case locate that cookie from cookie list, click on that cookie & assign it to appropriate category & save :
Repeat the process for all unknown cookies & once done click on Recategorization button which you will find by clicking on your website :
Once you have manually categorized all unknown cookies, click on Publish Test follow the subsequent screens & publish. After publishing, navigate to Scripts tab n the left pane of dashboard. In the right pane, you will see your website, click on the domain name.
There you will see tabs of Test Script & Production Script :
Click on Test Script Tab, you will get a script which you have to place inside start of <head> tag of your layout in order to see the cookie consent banner.
Test Scripts should be used for testing purposes as the name indicates. You can use this script on your Dev/Staging environment. For prod env, always use Production script. As I have observed in my use case, Test Script doesn't work for prod env.
Once you have tested the functionality using Test Script, you can publish Prod Script in order to use on prod env. Prod scrip takes upto 4 hours for reflecting results on the front end while results for Test Scrip are reflected immediately.
A Brief Introduction of GTM
GTM (Google Tag Manager) is a platform which enables marketers to deploy and track marketing data by easily adding code snippets to their website.
Usually for each website, we have a unique GTM container. There are 3 basic building blocks of GTM which are variables, triggers & tags.
Variables - These are just like any other variable we have in programming languages which are used to store some data. There are few system defined variables & we can create our user defined variables as well.
Triggers - As the name suggests, these are triggering actions/conditions based on which a Tag is fired.
Tags - Tags basically consists of a piece of code which is loaded on the website for external marketing purpose. With the help of a tag, we can track different user activities such as downloads, 404 events, user traffic etc..
Configuration on GTM End :
Click on Variables from left pane in your GTM container & create a new user defined variable :
Rename it as OnetrustActiveGroups & select variable type as Data Layer Variable & click on save to create the variable :
Next we have to create a trigger. Based on different cookie categories we have from Categorization section in OneTrust, we have to create triggers. For eg. If all of our cookies have been categorized into Performance & Targeting, then we have to create 2 triggers, one for performance & another for targeting.
We will only consider an example of Targeting for now. Click on Triggers from left pane in your GTM container & create a new trigger :
Let's name this trigger as Targeting Cookies Active . Select Custom Event as a trigger type with Event Name as OneTrustGroupsUpdated with following additional configurations & save the trigger :
Here we have used C0004 as the value, because that's the ID of Targeting Cookies Category. Repeat the same process for other categories such as Performance, Social Media if your cookies have been classified into those categories as well :
Next, add this trigger as a firing trigger for your Tag. Save & Publish your changes :
That's it. Now we are done with GTM configurations.
Modifications on Sitecore End :
On Sitecore end, all we need to do is to put the script (Test/Production) in the layout of your site inside of <head> tag.
You can put the script directly in the layout either statically or by storing it in Sitecore using Rich Text field & rendering it dynamically.
I will recommend to render it dynamically so as to have more control on Sitecore configuration front. If by any chance you want to remove the cookie consent banner, you can simply remove it from Sitecore without any code change & also this way you can use Test Scrip for Dev & Staging env while use Prod Script for prod env.
That's it, now you are all set to use cookie consent banner on your website.