Knowledge Hub

Consent Management Platform – buy or build yourself?

Knowledge Hub Knowledge Consent Management Platform – buy or build yourself?

Consent Management is not only technically very complex, it is also without question a very touchy subject in the legal sense. And although there are a few SaaS solutions on the market designed to deal with the challenge, the temptation to build a tool in-house is great – at least at first glance.

But why do even large concerns ultimately decide on a SaaS solution in the end, despite certainly having the required budget and the appropriate resources for building one’s own Consent Management Platform (CMP)?

10 good reasons for using an SaaS Consent Management solution.

Shared development costs

Developing software ties up resources and costs money. It is also clear that the greater the complexity, the higher the costs. For small businesses and microenterprises, building a consent tool themselves is not even a matter for consideration. 

Large companies with the required budget make the following calculation: Would the company’s own development costs be higher than purchasing a solution? The problem is that calculating these costs in their entirety is mostly impossible as building an in-house solution is fraught with risks such as delays, errors, security gaps etc., all of which will blow the budget.  

An SaaS provider shares the development costs with thousands of companies. You therefore pay for just a fraction of the development costs compared with an in-house solution. 

No maintenance costs or unexpected follow-up costs

Developing your own tool is certainly no mean accomplishment but, strictly speaking, the real work begins after completion. Every solution, regardless of how good it is, is ultimately prone to bugs. Which therefore begs the question “Who is responsible for the tool’s care and maintenance”? Who ensures that the tool is always up to date, both technically and in accordance with current legal requirements? And what happens when the person responsible for looking after the tool leaves the company? 

Instead of unexpected, additional development and maintenance costs which can add up to several hundred thousand Euros per year for an in-house tool, an SaaS solution offers complete cost control. This is because we are continuously developing and enhancing our software every day, adding new features and always have our eyes on the latest technical and legal developments. All these processes run in the background and are of course part of our packages. 

No opportunity costs

Every company, regardless of its size, must do business with its available resources and manpower and very carefully decide how it is going to use them. The question to ask is “How much time and resources should be poured into a project which actually has nothing to do with the company’s core business?”. 

The division of labour and specialisation clearly increase productivity. Because what use is a Consent Management tool when your competitors have already overtaken you in the time you spent developing it?

Quick implementation

Realistically, six months to a year will pass from the first idea for a software application and its development through to the test phase. Time which simply is not available for data protection matters given the current legal situation if one wishes to minimise the risk of legal trouble.

Anyone using an SaaS solution can immediately test out a finished tool for a fraction of the investment – and at a “state of the art” level. Should it not live up to your requirements, a quick switch to a competitor is possible.

Best Practice Processes

SaaS software providers are experts in their field and with good reason. You will be able to access many years of experience with the needs and challenges of very diverse customers. The providers know the pitfalls, have already made every mistake themselves, taken every diversion and already solved all problems occurring in the initial phase. However, if you build your own Consent Management tool you are really starting from nothing – and with exactly one use-case, namely your own firm.

As an SaaS CMP provider we are intimately familiar with our customers and their needs. All our best practice insights flow directly into the product development. All customers who have booked the Standard Package benefit from this as well as our Enterprise customers. 

Quick professional support

Every software application is prone to error – especially when subject to strong demands. Problems must be resolved quickly as errors in data processing are a very sensitive subject in the area of consent management, e.g. if consent cannot be saved due to technical complications and therefore not tracked. This scenario is very critical in the event of an audit.

At Usercentrics our Customer Success Team and Tech Team work continuously together to ensure seamless operation and enable any bugs or errors to be resolved quickly and efficiently.

Always legally up to date

Data protection is a “work in progress”. Laws change, new rulings are issued at regular intervals and even the most skilled data protection officer struggles to maintain perspective and stay completely up to date. Anyone wanting to stay on the safe side must keep up with European and international developments (CCPA in California, LPGD in Brazil etc.) as well as the situation in Germany and ensure they can be reflected technically in the CMP.

 ⇨ Usercentrics does not, however, offer legal advice because the implementation of concrete provisions is ultimately the responsibility of the company itself and/or its data protection officer or legal department. That said, we are always here for you with any questions regarding legal changes and their implementation through the CMP. We always have our eyes on current developments and create appropriate features in advance so that you can make appropriate changes to your CMP on time, based on the new legal requirements. 

Access to Expert Knowledge

Investment in SaaS software not only gives you access to software but also the technical know-how and – especially relevant in the case of Consent Management – the legal know-how behind it. 

With every Usercentrics CMP package our customers receive, for example, access to our comprehensive database of legal texts with more than 1,000 technologies containing all legally relevant information (such as scope, purpose, place and duration of processing) in addition to data processing services. This is regularly updated by our own team which was created for this very purpose. Furthermore, we consult and guide our customers with the opt-in optimisation, offer the opportunity to conduct targeted AB testing and regular performance reports. 

Support of industry standards such as TCF 2.0

In addition to legal and regulatory requirements, new industry standards such as the IAB TCF 2.0 will play an even greater role in the future. A good Consent Management tool must be capable of technically supporting these complex standards. 

In the case of TCF 2.0, this means that in future personalised advertising run via technology providers who have committed themselves to the framework will only be permitted when a sound legal basis can be reliably ascertained. This must be transmitted in the form of a special consent-ID, the IAB Transparency & Consent String (TC String), which can only be created by an IAB certified Consent Management tool. 

We can only speculate about the relevancy of these industry standards in the future. What is certain is that advertisers must be prepared for all eventualities in order to protect their advertising revenues. At Usercentrics, we are also leaving nothing to chance in this area and are, for example, currently getting our CMP certified by the IAB as part of a lengthy process.

Audit-proof data storage and documentation

A Consent Management tool not only fulfils the task of obtaining and managing consent, but also documents it without leaving any gaps. Should you receive a warning or an audit by the data protection authority, website operators must be able to present the consent history of its users according to the GDPR. 

Various data points should be recorded here e.g. time stamp, user agent or the version of the consent text. Placed URL calls should also be logged in order to prove that no cookies were run before consent was obtained.

Sensitive data requires special protection. The Usercentrics CMP saves and manages user consent in an audit-proof manner and at the highest data protection standards thanks to its use of a SOC-1/2 and ISO certified infrastructure. Additionally, we also guarantee the strict separation of consent data from other business data through our CMP.

CONCLUSION – Weighing up the risk between buying vs. building yourself

Admittedly, the idea of building your own Consent Management tool and maintaining control over all processes, fully independent of external support, certainly has its charms. But ultimately it is all about weighing up the risks. Is the effort spent developing our own software worth it? Can we manage if the costs unexpectedly spin out of control? Do we have the manpower to keep a consent management tool at the most current level so that we do not start moving about on legally dangerous ground? Or would we be better off using a stable outsourced solution and benefit from external support and a transparent cost structure? 

At Usercentrics, we work daily with more than 60 experts from the legal, tech and customer success areas to continuously develop and optimise our Consent Management tool. We have been supporting large concerns, small to medium size companies and the smallest enterprises for over two years on their way to GDPR compliance. Benefit from our expertise, place the matter of Consent Management in our hands and get back time and resources for that which you do best – your core business.

You want to learn more about Usercentrics? We would be happy to advise you.