Consent Management Vs Consent Orchestration: What’s The Difference?

Partner Content

Cover image

Over recent years, the data privacy landscape has experienced an incredible shift: consumers have demanded more control, transparency and privacy in regards to their personal data – and their concerns have been heard and actioned through the introduction of data privacy laws like GDPR in Europe.

So besides continuing to provide personalised experiences to customers, brands have two major challenges: 

  • They need a way to collect and manage a customer’s consent preferences
  • They need to reflect these consent preferences in the right communication channels – and to do so at scale

In response to these challenges, a new lexicon of confusing terminology has emerged (describing a new universe of tools to go with them), including:

  • Consent Management
  • Consent Collection
  • Consent Mastering
  • Consent Orchestration
  • Consent Activation

In the search for solutions to the new challenges of consent, it’s important to understand what these mean and the important differences between them. In this article, we’ll unpack these terms and show how they fit together in an overall picture of effective management of consent.

What is Consent Management?

Consent Management is a system of processes used by organisations to collect, share and update an individual’s consent and marketing choices across channels. This allows for compliance with data regulations, such as GDPR and CCPA.

This is perhaps the most-recognised term of all the ones we’re referring to today, and that’s because of the growing number of Consent Management Platforms (CMPs) on the market. A CMP informs website visitors about which types of data the business will collect and what it will be used for, and then stores visitor consent data and handles data alteration requests made by the visitor, such as accessing or erasing the stored data.

Some CMPs will display privacy notices that ask visitors to accept or decline various preferences for their data collection, whilst others will request permission from visitors to use sensitive data like their location. Others will simply inform visitors that their data is being collected. However, the best CMPs will provide proof of data compliance through accessible audit trails which can be used to demonstrate compliance and protect your business from fines. Overall, they provide transparency into a business’s data collection and usage, and are necessary to maintain compliance in data collection. 

What Is Consent Orchestration?

Consent Orchestration is the process of unifying siloed consent and marketing preferences data from multiple data sources (including a CMP) and reflecting the same choices in relevant marketing channels.

Consent Orchestration should not be confused with Consent Management; in fact, the former simply continues the user consent journey that begins through the use of a CMP (see data flow diagram below).

consent orchestration-1

It works by combining three different consent processes together:

  1. Consent Collection

Consent Collection refers to the collection of consent data from a client’s CMP (which usually includes Web and App data), as well as other data sources, such as a CRM or Loyalty Program.

  • Consent Mastering

Consent Mastering is when consent choices are standardised under a single Unique ID. This involves mapping different consent labels that can be found in different data sources to a structured single taxonomy. For example, mapping ‘Y/N’, ‘Accept / Decline’ and ‘TRUE / FALSE’ to ‘Yes / No’. Rules can then be configured to ensure consent and marketing preferences are applied to different marketing channels (like Google or Facebook). This gives brands the ability to create universal rules at the channel level.

  • Consent Activation

Finally, consent choices are correctly reflected in all marketing and advertising platforms through Consent Activation. The automation of this final phase allows the marketer to operate at speed and scale, assured in the knowledge that all customer data includes the correct consent choices (minimising the continued oversight of the Data Protection Officer too).

Do I need Consent Management AND Consent Orchestration?

In one word, ‘yes’. Here’s why:

1.Consent needs a 360° view, too

In marketing, it’s now a received wisdom that a 360° customer view is a critical foundation, resolving cross-channels conflicts and providing a clear, actionable view of the customer. What’s less well understood is that consent needs the same approach – after all, many businesses allow for the giving (and retraction) of consent at multiple touchpoints (i.e. email and account creation), which if left unresolved can result in inaccurate reflection of consent (and therefore potential regulatory violations).

Solving this problem is more or less what Consent Orchestration does: the unification and standardisation of consent from multiple sources allows a business to have a holistic view of customer consent. Consent Orchestration solves channel conflict, meaning that the channel with the most recent timestamp overrides previous selections, giving marketers the guardrails they need to always honour the most up-to-date consent choices of its customers.

2.Operating at speed and scale is critical

At the heart of a Customer Data Platform (CDP) is unified customer data: but this is of little value if it does not include customer consent, as each campaign will still require manual effort and sign off from the DPO. Including consent purposes and marketing preferences in the unification process ensures consented data is always accessible in the platform, ready to be activated in martech and adtech channels. 

3. Data Protection Officers need oversight – but not too much

A constant requirement of marketers when building campaigns is to ensure customer data includes the most accurate and up-to-date consent choices. Not only that, marketers must also have the ability to engage with customers in their preferred channels. This requires a DPO’s involvement and final approval for each campaign, as their job is to monitor compliance and mitigate risk. An orchestrated process delivers complete compliance in a ‘one and done’ approach that improves cross-departmental efficiency and minimises the involvement of the DPO in marketing-led initiatives.


Without Consent Management and Consent Orchestration, businesses risk being non-compliant with data privacy and security regulations and delivering a poor customer experience. Consent orchestration, when paired with a reliable Consent Management Platform, can help ensure an org remains compliant with constantly evolving regulations, whilst delivering an omnichannel experience capable of bolstering brand loyalty and providing personalised customer experiences.