What’s a Consent Management Platform (CMP)?
Still have a question, spotted an error, or have a better explanation or a source we should cite?
A Consent Management Platform (CMP) is software that handles how you collect, store, and manage user consent for data processing. If you've seen those cookie banners on websites, you've seen a CMP in action. But they do more than just cookies.
For email, a CMP's job is to record consent in a way that's auditable and legally defensible. Under GDPR, it's not enough to have someone's email address. You need to be able to prove that they gave you consent, when they gave it, what they consented to, and through which mechanism. A CMP creates and stores that record. Your ESP usually isn't designed to be the system of record for consent, even if it tracks subscription status.
What a CMP typically provides: consent collection interfaces (forms, banners, checkboxes), a database of consent records with timestamps and identifiers, synchronization to downstream systems (your ESP, your CRM), and a preference center where subscribers can view and update their choices.
Whether you need a dedicated CMP depends on your situation. A solo newsletter sender probably doesn't need one. A company collecting subscriber data across multiple channels, running targeted campaigns, and dealing with GDPR at any scale should seriously consider it. The audit trail a CMP provides is much harder to reconstruct after the fact if you get a GDPR complaint or a data subject access request.
Popular CMPs include OneTrust, Cookiebot, and Usercentrics for web consent, and platforms like Didomi that cover both web and email. Your ESP may also have native consent logging features worth reviewing before adding another tool.
For more on what valid consent actually requires, what counts as valid consent covers the specifics that a CMP needs to capture.
Contributors
Who worked on this answer
Every name links to their profile. Every company links to their site. Real people, real accountability.