BlueConic supports your CDP use cases with rich first-party data capabilities. There are many different approaches to privacy compliance for GDPR and CCPA/CPRA. The example in this guide shows how to use BlueConic for basic GDPR privacy compliance, by blocking the platform from creating profiles for visitors from the EU. You can follow these general steps for CCPA/CPRA using the privacy management tools and choosing a different legislation zone.
Benefits of unifying consent in BlueConic include:
Compliance: Adhere to privacy regulations like GDPR and CCPA/CPRA.
Brand image: Marketers act as guardians of a business's brand, and addressing privacy concerns positively impacts brand value.
Ethical data use: Ensure customer data is used with consent, preventing unwanted contact or profiling.
First-party data strategy: Build a sustainable first-party data strategy centered on customer relationships.
Cross-team benefits: Unifying consent in a single profile benefits multiple teams, including Customer Service, CRM, Sales, Marketing, and Privacy.
Confidence in data usage: Empower customers and marketers to confidently use customer data in a consented way.
Note: BlueConic is not a consulting or law firm. This page does not constitute legal advice. We recommend you consult your organization’s legal and/or privacy experts to determine what is required for your specific organization.
Before you begin
Define your organization’s compliance needs per country or region.
Define your marketing objectives. These are the marketing goals that will require GDPR-protected customer data. You will be adding these objectives to BlueConic to inform the platform about what data to collect for whom. For example; "Collect email for personalized email campaigns" or "Optimize web experience."
Create the necessary Objectives in BlueConic.
Consent capture methods
You can capture consent in BlueConic using several approaches:
Consent management platform integration: Use Listeners to capture IAB purposes and store them as Objectives.
BlueConic Dialogues: Present on-site banners to collect and store cookie or marketing consent via Dialogues.
Privacy Consents & Refusals listener: Capture consent from an in-house or third-party cookie banner.
European Visitors Listener: Prevent profiles from being created for visitors in GDPR or UK GDPR zones unless they provide consent.
APIs and imports: Use REST APIs, JavaScript, or CSV/SFTP to import or set Objectives programmatically.
Note: Consent management functions only when a privacy legislation zone is set in the "Privacy Legislation" profile property. This property is usually set by a visitor's IP address when they visit the website. For profiles imported via a connection without an existing web profile, the legislation zone must be set during import. If direct import of the legislation zone is not possible, a preprocessor can set it during import.
Collect data
For this example, use the “European visitors: only profile after consent” listener. Once turned on, this listener will only create profiles for visitors from the EU after they have consented to one or more Objective. This listener has additional options that let you block profile creation for returning visitors who already had a profile before 25 May 2018, and to delete existing European profiles when they re-enter one of your channels. You can also specify a segment to be excluded from deletion.
Create a Listener
Log in to BlueConic and do the following:
Choose Listeners in the BlueConic navigation bar.
Select the Add Listener button.
Using the search box provided, search for European visitors.
Select European visitors: only profile after consent listener.
Enter a name in the textbox.
Expand the metadata section and enter a description or label per your organizations best practices.
Select the channels the Listener will be available on. All pages on all channels or Limited set of channels (and pages).
Check off the settings as per your preferences.
Select Exclude deletion to determine if a profile is a member of one of these segments you have defined, it won't be deleted.
Toggle the Listener to ON and click Save.
Activate data
If you want to make it possible for EU visitors to have a profile after enabling this listener, you need to create a Dialogue in order to retrieve consent from visitors for at least one of your objectives.
Choose Dialogues in the BlueConic navigation bar.
Select the Add dialogue button.
Choose a dialogue type (for example, a lightbox or form). Open the Dialogue.
Enter a name in the textbox.
Expand the meta data section and enter a description or label per your organizations best practices.
From the Who tab, set “Privacy legislation” to “gdpr” and expand the segment to target visitors who have not consented to Objectives you plan to ask for in the Dialogue.
Click Save.
Design the customer experience for managing consent
Next, you will need to design the Dialogue by which the visitor grants access.
Select the What tab. Place the lightbox on the page.
Select Edit from the modal that appears.
Open the Insert object menu and choose Privacy management components.
Note: If you do not see the Privacy management components option, contact your BlueConic CSM to install the appropriate plugin.Choose Manage consent in the Privacy management pop-up window that appears.
In the Objectives tab of this overlay, select the Objectives you're asking customers to consent to.
In the Settings tab, you can apply custom styling, and provide text to interact with the visitor.
When done, close the overlay and click Save.
Note: Setting up privacy compliance in BlueConic for CCPA/CPRA, the California Consumer Privacy Act, follows similar steps to setting up privacy compliance for GDPR.
How Objectives control BlueConic features
Consent preferences are stored in Objectives, which can automatically control access to features:
Feature | Behavior based on consent |
Listeners | Will not run for profiles that refused associated Objectives. |
Dialogues | Can be restricted to only show for consented profiles. Use the "Who" tab on the Dialogue page to apply this filter. |
Connections | Prevents data export when Objective is refused. |
Lifecycles | Gates entry or stage progression based on Objective status. |
Segments | Enables targeting by consented/refused profiles. |
AI Workbench | Includes or excludes profiles from models. |
External trackers | Can block tracking unless consent is given. |
Tip: You can assign Objectives directly in feature sidebars, or configure them from the More > Objectives menu.
Preventing vs. federating consent
As part of implementing Objectives, it's important to understand how consent affects activation workflows. There are two main ways to apply consent downstream:
Preventing: BlueConic can automatically block actions, such as stopping a profile from being sent to an external platform (e.g., Facebook export), when the associated Objective has been refused.
Federating: BlueConic can also send the profile's Objective status to external platform, like an email service provider (ESP) or CRM, so those systems can decide whether or not to act. For example, an ESP could suppress a marketing email if a user declined promotional consent.
Technical considerations
BlueConic sets the "Privacy legislation" profile property automatically based on the visitor’s IP address when they visit your website. When you create your first Objective, BlueConic also creates a profile property called GDPR Privacy Legislation, which populates with values such as gdpr for visitors in GDPR zones and none for all others. You can use this property to build segments that trigger consent dialogues when they visit your website. If you're importing profiles that haven't visited online, you need to set this property manually or use a preprocessor to assign it during import.
The "Privacy legislation" profile property must be set to enforce Objectives.
Consent logic will not work if this property is missing.
When profiles merge, refused consent always takes precedence.
BlueConic does not support merge strategies for Objectives.
Use Insights to track consents
To gain Insights into consent and refusals using BlueConic Insights, a typical dashboard should include:
Profile Property has value: Consented Objectives
Profile Property has value: Refused Objectives
Segment KPI: Show individual consented/refused objectives for each objective individually
Multiple Segments over time: Consented & Refused Objectives (requires a segment for all consented objectives and one for all refused objectives)
Segment Percentage KPI: Consented vs. refused objectives percentage
Next steps
Review the privacy management overview article.
Review and configure Objectives for all relevant features.
Implement the correct listeners, dialogues, or integrations.
FAQ
How does profile merging affect consent?
When two profiles merge, any refused consent within either profile will always take precedence, even if accepted consent was set more recently in one of the profiles. There is no merge strategy available for consented and refused objectives.
How does BlueConic segment GDPR-region visitors for consent?
When you create your first Objective, BlueConic creates a profile property called "GDPR Privacy Legislation." This property is automatically populated based on location: gdpr for visitors in GDPR zones, and none for others. You can use this property to build segments that target GDPR-region visitors with consent dialogues.