Health Cloud Initiative (HCI Software)
How we've set up cookie compliance for all Health Cloud Initiative websites
For Health Cloud Initiative (HCI software), we developed a robust cookie compliance setup. With central tag management and privacy-friendly video embeds, we ensure optimal control, performance and compliance with the GDPR.
How we've set up cookie compliance for all Health Cloud Initiative websites
For the various websites of Health Cloud Initiative (HCI) it was essential to implement all cookie-related components carefully and in accordance with the GDPR. From external scripts such as analytics and marketing pixels to embedded videos: everything had to comply with privacy rules and enhance the user experience.
In this case, we share how we tackled this — including practical tips on tag management and video embeds.
1. Legislation: what does the GDPR require?
Every organization in the EU must comply with the GDPR and ePrivacy Directive. Important principles:
- No cookies without permission, except strictly necessary.
- Scripts for analytics, marketing or social media may only run after an opt-in.
- Users must be able to easily give and modify consent.
- Consent must be demonstrable.
For HCI, active in the healthcare sector, visitor trust is extra important — and therefore also transparency about data and tracking.
2. Tag management: control over all scripts
Many websites load scripts such as:
- Google Analytics
- HubSpot Tracking
- LinkedIn Insight Tag
- Facebook Pixel
... interchangeably. The risk: scripts are loaded even before permission is given. Especially with complex websites such as HCI's — with multiple scripts per page — this is a race against time.
Our solution: centralised via Google Tag Manager
We've brought all scripts together in Google Tag Manager (GTM) and working with Consent Mode v2. This allows us to:
- Indicate for each script what type of cookie is required (e.g. “analytics” or “marketing”).
- Only load after permission has been given.
- Control the order of loading.
Hint: Make sure you work with a clear structure in GTM. Use Consent Initialisation as a trigger for your cookie banner and only start scripts based on consent status.
3. Embedded videos: technically accurate, legally correct
HCI regularly embeds videos from external platforms such as YouTube or Vimeo. These services place cookies — even if you're not watching the video yet. That is why it is essential that the embed only becomes active after permission.
Our approach: iframe with controlled loading strategy
We still use a normal <iframe>, but only load it after explicit permission.
This is how we do it:
In HTML, the normal src is replaced by data-src.
<iframe
data-src=” https://www.youtube.com/embed/xyz123”
width="560"
height="315"
data-cookie-consent="analytics”
frameborder="0"
allowfullscreen>
</iframe>
If the user has not given permission yet for “analytics”, we show a notification instead of the video:
<div class="cookie-video-placeholder">
<p>This video will only load after you consent to analytical cookies.</p>
<a href="#"onclick="openCookieSettings () ">Adjust your cookie preferences</a>
</div>
Once the user gives permission, JavaScript transfers the value from data-src to src, and loads the video directly into the iframe.
Why this approach works:
- The user maintains control.
- You prevent accidental cookie placement.
- You comply with the law.
- The integration remains consistent within the design.
Bonus: The notification and play button are fully designed in HCI's corporate identity, so that it remains in line with digital branding.
4. Consent element and user management
The cookie banner for HCI has been developed in multiple languages, with clear choices:
- Essential (always on)
- Analytics
- Marketing
Users can change their preferences at any time via a clearly visible link at the bottom of the page. These preferences are set via the ConsentManagement Tool (such as Cookie hub, Cookiebot or OneTrust) forwarded to GTM, where we link the script activation rules.
5. Monitoring and maintenance
We ensure continuous monitoring of:
- Unintentionally loaded scripts (via console checks).
- Incorrectly set triggers in GTM.
- New scripts that may have been added to a content release.
For the HCI team, we also created a short guide for content managers to post new videos in accordance with GDPR — including embed code and instructions.
Conclusion
Cookie compliance doesn't have to be a bottleneck. With a smart structure in Tag Manager, controlled embedding technology for videos and clear communication to the user, you can create a compliant and professional platform.
Also ready for a future-proof cookie setup? We are happy to help you create your brand safely, transparently and conversion-oriented — even within complex environments such as Health Cloud Initiative.
Ready to take your brand to the next level?
Ready to work together on your brand? Contact Frank for a personal discussion on exactly what your organisation needs.
