Getting Started with OneTrust
Table of Contents
- Overview
- Prequisites
- Step 1: OneTrust Account Setup
- Step 2: Domain Configuration
- Step 3: Cookie Management Setup
- Step 4: Consent Banner Configuration
- Step 5: Script Blocking Configuration
- Step 6: Privacy Signal Configuration
- Step 7: Implementation
- Step 8: Testing and Validation
- Step 9: Go Live
- Common Setup Issues
- Best Practices
- Next Steps
- Related Documentation
Overview
This guide walks you through the initial setup and configuration of OneTrust consent management on your website. We'll cover the essential steps to get OneTrust working properly from day one.
Prequisites
Before you begin, ensure you have:
- OneTrust account and access to the admin panel
- Access to your website's HTML code
- Understanding of your current cookie and tracking setup
- Knowledge of applicable privacy regulations (GDPR, CCPA, etc.)
Step 1: OneTrust Account Setup
1.1 Create Your OneTrust Account
-
Sign Up for OneTrust
- Visit OneTrust.com
- Choose the appropriate plan for your needs
- Complete the registration process
-
Verify Your Account
- Check your email for verification
- Set up your admin password
- Complete your company profile
1.2 Initial Configuration
-
Company Information
- Enter your company details
- Set your primary domain
- Choose your industry sector
-
Privacy Regulations
- Select applicable regulations (GDPR, CCPA, etc.)
- Configure jurisdiction settings
- Set up compliance requirements
Step 2: Domain Configuration
2.1 Add Your Domain
-
Navigate to Domain Settings
- Go to
Admin→Settings→Domains - Click "Add Domain"
- Enter your website domain (e.g.,
example.com)
- Go to
-
Domain Verification
- Verify domain ownership
- Set as primary domain if applicable
- Configure subdomain handling
2.2 Environment Setup
-
Create Environments
- Production environment
- Staging environment (recommended)
- Development environment
-
Environment Configuration
- Set appropriate settings for each environment
- Configure testing domains
- Set up environment-specific scripts
Step 3: Cookie Management Setup
3.1 Cookie Categories
-
Default Categories
- Necessary/Strictly Necessary: Essential for site function
- Analytics/Performance: Website analytics and performance
- Marketing/Advertising: Marketing and advertising cookies
- Functionality: Enhanced functionality cookies
- Personalization: Personalization and preferences
-
Custom Categories
- Create additional categories if need
- Ensure categories align with your business needs
- Follow privacy regulation requirements
3.2 Cookie Inventory
-
Scan Your Website
- Use OneTrust's cookie scanning tool
- Identify all cookies on your site
- Categorize cookies appropriately
-
Manual Cookie Addition
- Add cookies that weren't detected
- Set appropriate categories
- Configure cookie purposes
Step 4: Consent Banner Configuration
4.1 Banner Design
-
Visual Customization
- Choose banner template
- Customize colors and fonts
- Add your company logo
- Ensure mobile responsiveness
-
Content Configuration
- Write clear, compliant language
- Include all required information
- Set appropriate language options
- Configure accessibility features
4.2 Banner Behavior
-
Display Settings
- Set banner position (top/bottom)
- Configure auto-hide behavior
- Set banner timing
- Configure mobile behavior
-
User Experience
- Set default consent state
- Configure consent options
- Set up preference center
- Configure consent renewal
Step 5: Script Blocking Configuration
5.1 Enable Automatic Blocking
-
Script Management
- Go to
Scripts→Script Management - Enable "Automatic Script Blocking"
- Configure blocking behavior
- Go to
-
Script Categorization
- Categorize all scripts by purpose
- Set blocking rules for each category
- Configure necessary script exceptions
5.2 Blocking Rules
-
Category-Based Blocking
- Set blocking rules for each cookie category
- Configure analytics script blocking
- Set up marketing script blocking
- Configure functionality script blocking
-
Advanced Blocking
- Set up conditional blocking
- Configure script dependencies
- Set up fallback behaviors
Step 6: Privacy Signal Configuration
6.1 Global Privacy Control (GPC)
-
Enable GPC Processing
- Go to
Settings→Privacy Signals - Enable "Process GPC Signals"
- Configure default GPC behavior
- Go to
-
Category-Level GPC Settings
- Configure each category to respect GPC
- Set appropriate actions for each category
- Test GPC signal handling
6.2 Do Not Track (DNT)
-
Enable DNT Processing
- Enable "Process DNT Signals"
- Configure DNT behavior
- Set up DNT response rules
-
DNT Category Configuration
- Configure each category for DNT
- Set appropriate DNT actions
- Test DNT signal handling
Step 7: Implementation
7.1 Add OneTrust Script
-
Script Tag
<script src="https://cdn.cookielaw.org/consent/[YOUR-SCRIPT-ID]/otSDKStub.js"
type="text/javascript"
charset="UTF-8"
data-domain-script="[YOUR-SCRIPT-ID]"></script> -
Script Placement
- Place in
<head>section - Ensure it loads before other scripts
- Avoid conflicts with existing code
- Place in
7.2 Test Implementation
-
Basic Functionality
- Verify banner appears
- Test consent collection
- Verify script blocking
- Test consent saving
-
Advanced Testing
- Test privacy signal handling
- Verify category blocking
- Test mobile experience
- Verify accessibility
Step 8: Testing and Validation
8.1 Functional Testing
-
Consent Flow Testing
- Test banner appearance
- Test consent acceptance
- Test consent rejection
- Test preference changes
-
Script Blocking Testing
- Verify scripts block without consent
- Verify scripts load with consent
- Test category-specific blocking
- Verify privacy signal respect
8.2 Compliance Testing
-
Regulatory Compliance
- Verify GDPR compliance
- Verify CCPA compliance
- Check other applicable regulations
- Validate consent language
-
Technical Compliance
- Verify cookie categorization
- Check script blocking effectiveness
- Validate privacy signal handling
- Test consent persistence
Step 9: Go Live
9.1 Final Checks
-
Production Readiness
- Verify all settings are correct
- Test in production environment
- Verify domain configuration
- Check script loading
-
User Communication
- Inform users about new privacy controls
- Update privacy policy
- Train support team
- Monitor user feedback
9.2 Launch
-
Enable Production
- Publish all changes
- Verify production settings
- Monitor for issues
- Collect user feedback
-
Post-Launch Monitoring
- Monitor consent rates
- Track user interactions
- Monitor for technical issues
- Collect compliance data
Common Setup Issues
Issue 1: Banner Not Appearing
Cause: Script not loaded or domain not configured Solution: Check script placement and domain configuration
Issue 2: Scripts Not Blocking
Cause: Automatic blocking not enabled Solution: Enable automatic script blocking in OneTrust admin
Issue 3: Consent Not Saving
Cause: Storage configuration issues Solution: Check browser storage settings and OneTrust configuration
Issue 4: Privacy Signals Not Working
Cause: Signals not enabled or configured Solution: Enable and configure privacy signal handling
Best Practices
1. Start Simple
- Begin with basic functionality
- Add advanced features gradually
- Test thoroughly at each step
2. Document Everything
- Keep detailed configuration notes
- Document custom implementations
- Maintain change logs
- Share knowledge with team
3. Test Thoroughly
- Test in multiple browsers
- Test on mobile devices
- Test with privacy tools
- Validate compliance requirements
4. Monitor Performance
- Track page load impact
- Monitor consent rates
- Watch for user feedback
- Monitor compliance metrics
Next Steps
After completing the initial setup:
-
Advanced Configuration
- Customize banner appearance
- Configure advanced blocking rules
- Set up custom consent flows
-
Integration
- Connect with Google Tag Manager
- Integrate with analytics tools
- Set up custom implementations
-
Optimization
- Optimize consent rates
- Improve user experience
- Enhance compliance features
Related Documentation
Need help with setup? Start with the Common Issues guide if you encounter problems, or refer to the specific topic guides for detailed information.