OneTrust Implementation Guide
Learn how to integrate OneTrust with Ours Privacy for seamless consent management and compliance with privacy regulations worldwide.
OneTrust Implementation Guide
OneTrust and Ours Privacy work together to provide a comprehensive consent management solution that supports healthcare, GDPR, CCPA, and other privacy regulations. This guide explains the capabilities, operating modes, and integration patterns available when using OneTrust as your Consent Management Platform (CMP).
Overview
OneTrust controls when the Ours Privacy SDK loads and provides granular consent data that flows through your entire data pipeline. This approach delivers:
- Regulatory Compliance: Full support for GDPR, CCPA, CPRA, LGPD, and healthcare regulations
- Granular Control: Category-based and vendor-specific consent management
- Complete Audit Trail: Visibility into every consent decision and change
- Flexible Integration: Works with any OneTrust configuration or consent strategy
Operating Modes
Ours Privacy supports three distinct operating modes for consent management with OneTrust, each offering different levels of data collection and consent enforcement:
Mode 1: Strict Consent Mode (Zero Data Collection)
Ours Privacy SDK is not loaded until explicit consent is granted through OneTrust, ensuring zero data collection before user permission.
How it works:
- OneTrust controls when the Ours Privacy SDK loads
- No data is sent to Ours Privacy until consent is granted
- Complete control over tracking initiation
- Zero data collection before user permission
Capabilities:
- Zero data collection before consent
- Complete control over tracking initiation
- Full audit trail of consent decisions
- Support for granular consent categories (analytics, marketing, functional, necessary)
Mode 2: Mapper-Controlled Mode (Recommended)
Ours Privacy loads immediately and collects all events, but the mapping layer stops dispatch to destinations based on consent conditions.
How it works:
- Ours Privacy SDK loads immediately and collects all events
- Consent status is passed as event properties
- Ours Privacy mappers conditionally route events to destinations based on consent
- Events without proper consent are filtered out at the mapping layer
Capabilities:
- Track consent banner interactions and decisions
- Monitor consent change patterns
- Debug consent-related issues
- Maintain analytics on consent compliance
- Granular control over which destinations receive data
Use Cases:
- Marketing teams needing consent analytics
- Product teams optimizing consent flows
- Compliance teams monitoring consent rates
- Organizations wanting comprehensive consent tracking
Mode 3: Destination-Level Consent Mode
Ours Privacy always dispatches events to destinations, but passes consent information to destinations that support consent-level fields.
How it works:
- Ours Privacy SDK loads immediately and collects all events
- All events are sent to destinations regardless of consent status
- Consent information is passed as properties to destinations
- Individual destinations handle consent enforcement based on their own capabilities
Important: This mode is destination-specific and not all destinations support consent-level fields. Only destinations with built-in consent handling capabilities can properly respect consent in this mode.
Capabilities:
- Always-on data collection
- Destination-level consent enforcement
- Reduced mapping complexity
- Real-time data flow
Limitations:
- Not all destinations support consent fields
- Less granular control than mapper-controlled mode
- Requires destination-specific configuration
- May not provide complete consent compliance for all destinations
Choosing the Right Mode
The choice between these modes depends on your organization's privacy requirements, compliance needs, and technical architecture. We recommend:
- Consult with your privacy officer and/or legal team to determine the appropriate consent management approach for your use case
- Reach out to us to start a conversation about privacy and consent management strategies
Our team can help you evaluate your specific requirements and recommend the best approach for your organization.
Consent Categories and Capabilities
Standard Consent Categories
OneTrust provides four standard consent categories that map directly to Ours Privacy:
- Necessary Cookies - Always enabled, required for site functionality
- Functional Cookies - Enhanced functionality and personalization
- Analytics Cookies - Performance measurement and site optimization
- Marketing Cookies - Advertising and targeting capabilities
Advanced Consent Features
Note: You can read the geographic state from the Ours Privacy mapping layer and push your consent decisions to the mapping layer.
- Geographic consent rules - Different consent requirements by region
- Time-based consent - Consent expiration and renewal handling
- Consent versioning - Track changes in consent policies over time
- Consent analytics - Monitor consent rates and patterns
Compliance Capabilities
GDPR Compliance
OneTrust with Ours Privacy delivers comprehensive GDPR compliance:
- Explicit consent collection - Clear, unambiguous consent mechanisms
- Consent withdrawal - Easy user consent withdrawal and data deletion
- Data minimization - Only collect data for consented purposes
- Audit trail - Complete record of all consent decisions and changes
CCPA/CPRA Compliance
For California privacy regulations:
- Do Not Sell signals - Respect user opt-out preferences
- Right to know - Provide transparency about data collection
- Right to delete - Support data deletion requests
- Opt-out mechanisms - Easy ways for users to opt out
Healthcare/HIPAA Compliance
Specialized compliance for healthcare organizations:
- PHI protection - Ensure protected health information is handled properly
- Consent documentation - Maintain detailed consent records
- Audit capabilities - Complete audit trail for compliance reviews
- Data segmentation - Separate healthcare data from marketing data
Mapping and Routing Capabilities
Destination-Based Routing
Ours Privacy's mapping layer routes events based on OneTrust consent:
- Analytics destinations - Only send data when analytics consent is granted
- Marketing destinations - Route to advertising platforms only with marketing consent
- Functional destinations - Enable enhanced features with functional consent
- Necessary destinations - Always route essential operational data
Conditional Data Processing
Beyond simple routing, the mapping layer can:
- Transform data - Modify event properties based on consent level
- Filter sensitive data - Remove PII/PHI when consent is limited
- Aggregate data - Combine events differently based on consent
- Delay processing - Hold events until appropriate consent is granted
Conclusion
Integrating OneTrust with Ours Privacy enables:
- Full Regulatory Compliance: Support for GDPR, CCPA, CPRA, and healthcare regulations
- Granular Consent Control: Category-based and vendor-specific consent management
- Complete Audit Trail: Visibility into every consent decision and change
- Flexible Integration: Works with any OneTrust configuration or consent strategy
The Ours Privacy platform respects these consent properties throughout your data pipeline, ensuring compliance while maintaining data integrity and user privacy.
For additional support or questions about OneTrust integration, contact our support team at [email protected].
Updated 6 days ago