Cookie compliance well organized: this is how we approach this

For brands such as Health Cloud Initiative, SoftPlus.net and Flowant.nl, we implemented a future-proof cookie compliance GDRP solution, including Tag Manager structure and video embed technology.

Cookie compliance well organized: this is how we approach this

Whether you manage an e-learning platform, website, or are a B2B SaaS provider or are active in healthcare — sooner or later you will have to deal with cookie compliance. Every script, pixel, and embed must comply with the law and contribute to a positive user experience.

We have for various customers — including HealthCloud Initiative, SoftPlus.Net and Flowant.nl — set up complete cookie compliance. In this blog, we share our approach and how you can do it smartly with tools such as Google Tag Manager, Consent Mode and video embeds with data src.

Why cookie compliance is so important

Since the introduction of the GDRP, consent has been required to place tracking cookies. At the creating a website or managing a WordPress web design whether Sitio web de Webflow means that:

  • Analytics should not just be turned on.
  • Marketing pixels (such as Facebook or LinkedIn) must be optional.
  • YouTube and Vimeo videos may only be loaded after permission.
  • Users should be able to easily manage and adjust their choices.

And that's exactly where many companies find it difficult: how do you keep control over all scripts, especially when multiple parties (developers, marketers, content creators) are working on them?

Our approach: from structure to technology

1. Centralized tag management

For all these customers, we started with a thorough audit of all scripts:

  • Where does Google Analytics load?
  • Who Uses Facebook Pixel?
  • Which scripts are hardcoded in the HTML?
  • Are invisible iframes or tools like Hotjar active?

After that, we centralized everything into Google Tag Manager (GTM). Here we have specified per script:

  • Under what conditions it can be loaded (via Consent Mode)
  • Which trigger is used (e.g. gtm.ConsentState).

Example:
Bee
an HCI website, an EPD SaaS provider, previously ran HubSpot and LinkedIn scripts before the user made a choice. We have fully integrated these into GTM and linked them to the appropriate permission levels.

2. Consent Mode and cookie banner

Together with the customer, we choose a Consent Management Platform (CMP) such as CookieHub. We integrate these with GTM and ensure:

  • Clear cookie banners with multiple choices.
  • Multilingual support (such as Health CloudInitiative).
  • Real-time link between permission and script activation.

3. Privacy-friendly video embeds

YouTube and Vimeo are great tools, but problematic when it comes to cookies. Without permission, they place tracking cookies. That is why we have applied a uniform but flexible approach to all three customers:

Our embed technology:

  • We've replaced the sharelink with an embed iframe everywhere
  • We use it by default<iframe>, but replace src with data-src.
  • We're adding an attribute: data-cookie-consent="analytics” or “marketing”.
  • If the user has not given permission, we will show you a neat message with a button to the cookie settings.
  • With permission and click on the video, we activate the iframe via JavaScript by transferring the data src to src.

Practical example:
On the website of
Health Cloud Initiative we show a message such as:

“This video will only load after you have given your consent to analytical cookies. Adjust your preferences to watch the video.”

This notification is fully styled according to their digital brand identity, with call-to-action to the cookie preferences panel.

Important lessons from practice

  1. Put all scripts into GTM.
    Hardcoded scripts are difficult to manage. Everything via GTM makes your setup scalable.
  2. Use Consent Mode v2.
    This sets the required permission category for each script.
  3. Keep your embed code clean and verifiable.
    Let content managers work with templates that include data-src by default.
  4. Document the process.
    For all three customers, we provided documentation for their content teams — so compliance remains not only technically guaranteed, but also editorially.
  5. Test regularly.
    Browsers are changing, legislation is evolving, and scripts are being updated. Keep checking that everything works as it should. You can do this by setting up an automatic report in, for example, CookieHub

Conclusion: from compliance to trust

For brands like HCI, SoftPlus.Net and Flowant.nl cookie compliance isn't just about following rules. It's about trust. Visitors expect you to take their privacy seriously — and to be transparent about how you handle their data.

With our approach — based on central script control, smart embeds and clear communication — you can not only make your brand more compliant, but also stronger and more credible.

Need help with your cookie compliance?

We would love to help you. Whether you're running a healthcare provider, SaaS provider, or educational platform — we'll make sure your scripts, pixels, and videos work securely and transparently. Contact us for a free scan of your setup.

Enable analytical cookies to view this video

Manage cookie choices >