Didomi Review

Didomi is a consent management system available in three plan options. It is mainly for large organizations, but some small businesses have opted for it. We investigate this platform’s appeal.

What is Didomi?

Didomi is a French company, based in Paris, and it was founded in 2017 by Raphael Boukris and Romain Gauthier. The two founders are still with the company – Gauthier is the current CEO and Bourkis is the VP of Sales. 

The name derives from the Ancient Greek word δ‌‌ιδο‌μι, which means “consent.”

This business provides a consent management platform from its cloud servers. The company has a menu of services and bundles those into three plans but it doesn’t publish any prices. This is because the company realizes that most customers of these services require assistance in setting up their accounts, which, essentially, can be portrayed as a bespoke service. Also, some customers require a certain degree of customization in order to be convinced to sign up. 

Customized systems are usually expensive and cater to larger businesses with quirky requirements. However, Didomi does have some smaller businesses on its client list and the platform has an entry-level plan for them.  

What is consent management?

The field of consent management aims to seek approval from a member of the public, store that response, and then refer to it. In the digital realm, the purpose of this process is to get approval for data storage. The most noticeable discipline of Consent Management in the world today is the cookie consent banner.

Cookie consent is a little different because rather than asking users whether it’s OK to store data about them, the cookie gets stored on the user’s computer. So, when working with websites, you have two types of consent to deal with: data storage consent and cookie consent. Didomi is concerned with cookie consent.

Didomi Review Methodology

The Didomi platform provides four modules:

• Consent Management
• Compliance Monitoring
• Preference Management
• Privacy Request

We will look at each of these systems in turn. Although Didomi doesn’t publish any prices, we will look at the plans and how they fit the platform’s modules together. 

The sales-to-onboarding funnel involves a consultation and a discussion over a demo. Therefore, the onboarding process needs to be assessed as part of this review.

We will also look at the opinions of current users by browsing reviews of the platform. While there are many mid-sized and large companies using the platform, there are also some small businesses on the client list, so we will look at their reviews and try to deduce whether they find the system expensive.   

Didomi isn’t going to be your only option when you’re looking for a consent management system, so we will list some of those services that compete with Didomi and see whether any of them address different business sizes better. 

Finally, we will sum up the positive and negative aspects of the Didomi service.

Didomi Consent Management

The Consent Management tool in the Didomi platform is very tightly linked to the Compliance Monitoring unit. In fact, the Consent Management system is entirely dependent on the data privacy standards that you need to operate. 

The close link between consent and compliance lies in the importance of regulatory requirements for consumer-facing IT systems. Different locations in the world have different legal expectations from systems., such as websites. Seeking consent for data storage and cookies are part of the legal landscape. So, the text of a cookie consent form has to meet local requirements according to where a site visitor is, not where your Web server is. 

Regulation selection

The setup process for an account on the Didomi platform begins by selecting a regulation to follow. These are laid out in a grid.

While most of these regulations have the same requirements for cookie consent, a few have extra routines. For example, in many legislations, it is enough to put up a notification that states by continuing, the visitor is consenting to the use of cookies. Other regulations need the user to give specific approval for each category of cookie, such as marketing or statistical trackers. 

The regulations that an administrator can choose from are:

• GDPR (EU and UK)
• CPRA (California)
• VCDPA (Virginia, USA)
• CTDPA (Connecticut, USA)
• CPA (Colorado, USA)
• Law 25 (Quebec, Canada)
• LGPD (Brazil)

Any website that is operating around the world and doesn’t have any specific blocks on access location is going to need to comply with all of these regulations. 

Cookie consent features

The Consent Manager system is able to serve different cookie notification banners in different languages according to the location of the website visitor. The Didomi system has 45 languages in its library. This technique is called geo-targeting and it will automatically switch the banner that gets shown. There are a few aspects of the banner that you can influence, such as its color and font – you can also add your company’s logo. 

The Didomi console includes a library of templates, so the administrator creates a banner by selecting a template and then adjusting it. A specific design can also be tried out and tested, running two types in parallel for an A/B testing exercise. 

Notifications can be posted to different devices, such as laptops or smartphones. It is even possible to post cookie notifications on smart TVs.

Responses to cookie consent forms are stored on the Didomi server, and you can access them through the console. The records are anonymized to avoid dealing with the regulations surrounding the storage of personally identifiable information (PII). So, each user is identified by an ID.

The console also provides throughput and accept/deny statistics for analysis through the console. Analysis can be exported for further analysis or reporting.

Compliance Monitoring

Standards compliance management really starts with the design of the cookie consent banner, as described in the previous section. The choice of regulations made in the Consent Management unit governs all of the actions of the compliance monitoring module.

This system watches over a website, scanning it to identify the presence and type of cookies that it can generate. Didomi plans allow multiple sites to be managed simultaneously, so you will get all of this activity acting on all of your sites simultaneously. Scans occur weekly or monthly. 

Third-party risk 

In compliance terms, third-party risk refers to the data privacy performance of suppliers, such as cloud server providers. In the Didomi dictionary, this term refers specifically to plug-ins, widgets, APIs, and other code inserted into or referenced within the HTML of a Web page. 

As part of its compliance monitoring processes, Didomi scans through these external code snippets to check for cookie generation. That action will rarely be implemented within the function call that is visible within the page, so the Didomi system loads the page to provoke the third-party cookies that relate to it. The company calls this “multi-scenario Web scanning,” but it is a form of dynamic application security testing.

In addition, Didomi maintains a database of breach events at well-known API suppliers and CDN systems around the world. This is like a threat intelligence list and it enhances the information gleaned from the cookie scan. 

GDPR compliance

The Didomi scanner produces a Health SCore for a site, identifying its compliance with GDPR. Depending on your plan, you will receive this report once a month or once a week. The details of the score are shown in the dashboard with a list of detected cookies, with the category and source of each. 

The Health Score’s cookie list provides a ranking for each cookie, assessing whether it harms your site’s credibility or whether it is a necessary function of website cohesion. You have until the next scan date to decide what to do about this list. If a cookie results from an API that you use, there isn’t much that you can do to stop it other than remove the API. Your team will need to decide whether such an action is desirable or even possible. 

Didomi can produce a list of the producers of widgets and APIs in your Web pages to print in the cookie notification banner. This isn’t entirely necessary for GDPR compliance. However, the Didomi system doesn’t seem to be able to categorize or block cookies by type or purpose, so it won’t present the visitor with the option to block marketing or statistical trackers but it can perform that task for component producers by name or affiliate group. 

This seems to be a workaround, treating vendor types as though they were cookie types. Other than blocking specific APIs buried in your website’s code, Didomi doesn’t have any mechanisms to respond to any user demand to block cookies. 

This producer-focused cookie control turns off sections and features of your website, which could cripple the very purpose of your site. For example, if the user selects not to allow cookies from the producers of your shopping cart, you might not be able to sell anything to that person. 

All data in the Compliance Monitoring module are available for analysis and reporting. 

Preference Management

The Preferences Management module of the Didomi platform doesn’t dovetail with the Consent Management and Compliance Management units. This is a completely standalone service that enables regular users to state their preferences when using the site. 

Examples of how this service could be used include storing a shopper's measurements on a clothing site or topic searches and email alerts on a news site. Implementing these preferences is not part of this system's remit. The collection of preferences can’t be provided with a standard form because the subject and attributes of the preferences users might want to store would vary according to the site's purpose. 

If a site has a user preferences page, the cookie consent service can be integrated into it. However, this preference page aims to eradicate the need for cookies. This is because the storage for user-related data can be moved onto the cloud server and doesn’t rely on the ability to store fragments on the user’s computer. 

The new data storage strategy of the preferences management approach creates a different code design to the methods that require cookies. So, this module offers the opportunity to strip out many cookies and replace them with references to profile values. The opportunity to work without cookies is easier to deal with for new developments than through rewrites of existing websites. 

The preferences profile also acts as an interface for the user to see what personal information the company holds. Thus, it eradicates the need to build a data subject access request (DSAR) management system.

Privacy Request

The Privacy Request module deals with data subject access requests (DSAR). Processing these requests is required by GDPR. However, they aren’t needed for cookie consent records because those are anonymized through the use of ID in stored records rather than personally identifiable information. So, you don’t need the Privacy Request unit if you are only concerned with legal cover for cookies.

This unit provides form templates for the service of DSARs. The forms can be embedded in your own website or you can even set up a separate site to centralize the processing of DSARs for multiple sites. 

Wherever you host your DSAR interface for outsiders to access, the data that they collect goes to your account space on the Didomi system. The DSAR processing screens in the Didomi Privacy Request module provide workflows for assigned administrators to follow in identifying the relevant information, preparing it, and serving it. 

The service sets up deadlines for each task in the workflow and will send out reminder emails to the allocated administrator as the deadline approaches until the task has been completed. 

Customer support

The Customer Support team at Didomi are highly praised in user reviews. The company has a very wide customer base and the small business end of the range is more dependent on a supportive Help Desk because they are less likely to have their own technicians on the payroll. 

Onboarding is a crucial point in a business’s experience of a system and Didomi seems to have supported that phase very well. This is the bedrock of getting good user appreciation and the company has very good reviews, which is a reflection on their support team. 

The company stresses that it has experts for every step of the way from pre-sales through the onboarding, and on to operations. While just about all companies put such a claim on their websites, the reactions of buyers show that in Didomi’s case, these are not just hollow words. 

Didomi UX

Examining the Didomi UX covers two entities. The first is the administration screens in the console for the system. This provides screens for setting up the Consent Management, Compliance Management, Preference Management, and Privacy Request units. It also gives access to live feedback on activities, analytical features, and reporting services. 

The setup process for a service is simplified by wizard-style screens. Each screen presents a limited number of options and this strategy prevents the administrator from feeling overwhelmed by all of the work that needs to be done. Many setup screens present a short menu of options and the user just has to click on which adaptations are required.

The operational system screens present charts and dials that make status recognition easier. All of the monitoring and reporting screens make good use of color.

The forms and screens that are presented to site visitors are variable in design and function. The layout and features in each presentation are largely up to the subscribing administrator, with templates controlling the overall content of each feature.

For example, the cookie consent popup can be presented as a straightforward on-screen notification in a Web browser:

It is also available in mobile format:

Forms can have illustrations added and interactive elements can be represented by check boxes or radio buttons.

In all user interfaces, Didomi avoids putting too many features on each screen. As can be seen in the example above, the company will split a form between screens to avoid placing many entry fields within a single view.

Customer reviews

To start with, we looked for reviews from small businesses. The Didomi platform seems to appeal more to large companies, so it was interesting to discover whether any smaller companies were reporting their experiences with the service.

This small business user extolls the dedication of the Customer Support team. Despite the fact that the package seems to be set up to calculate statistics incorrectly, this user is still impressed by Didomi and gave the platform four out of five. This user had an ongoing ticket for an unsolved problem with an integration that didn’t work. 

The lowest score given on the G2 review site for Diomi came from another small business. This reviewer gave only 1.5 stars out of five. While appreciating the interface and the cookie scanner report, this user, the business was frustrated to discover that the inclusion of Didomi elements in their site slowed it down and reduced their rankings on Google.

Once more, the user had praise for the technical, support group and a member of that team reached out to offer a solution. 

Taking a look at a typical review from a large enterprise, this user reports ease of use when navigating the screens, but difficulties did exist with the system. However, all of those problems have now been resolved.

Didomi Pricing

Didomi doesn’t provide its prices – you have to contact the Sales Department to get a quote. Although we don’t know the prices, we do know the plans. These show how the modules of the platform are bundled together. The plans are:

• Consent Essentials
  • Consent Management
  • Monthly cookie scanning for 10 domains
  • Basic support SLA
• Core Privacy UX
  • Consent Management
  • Monthly cookie scanning for 10 domains
  • Advanced scanning for GDPR issues
  • Compliance Monitoring
  • Preference Management for up to 150,000 users
  • Privacy Request
  • SSO for up to 10 console users
  • Basic support SLA
• Privacy UX Plus
  • Consent Management
  • Weekly cookie scanning for 25 domains
  • Advanced scanning for GDPR issues
  • Compliance Monitoring
  • Preference Management for up to 450,000 users
  • Privacy Request
  • SSO for up to 100 console users
  • Premium support SLA

As you can see, the Consent Essentials plan provides the bare minimum cookie consent management coverage for websites. This is probably the main attraction for the small businesses that are customers of the Didomi platform. 

Didomi's Strengths and Weaknesses 

We have scrutinized all of the modules of the Didomi cloud platform and examined how the provider slots them together in its plans. If you just want to manage cookie consent, focus on the Consent Essentials plan.

Here are the core pros and cons of the Didomi system:

Pros of Didomi:

• A basic plan for small businesses
• Extensive features for cookie consent management
• DSAR management in higher plans
• Highly praised Customer Support team
• Easy-to-use console
• Attractive graphs and analytical reports
• Compliance Health Score

Cons of Didomi:

• No prices
• No free trial
• The service’s widgets slow down page load performance
• A reviewer reports the system lost a site its Google rankings
• Glitches, as though the platform is still being developed
• Doesn’t perform sensitive data detection or categorization

Alternatives and Competitors of Didomi

We have a detailed breakdown of the top alternatives to Didomi but here are the top picks at a glance:

Enzuzo

Offers better pricing than Didomi with a solid set of features that covers consent management, GDPR compliance, DSARs, and enterprise options like data mapping and data governance. Solid customer support.

OneTrust 

Best option for enterprise clients with the compliance budgets to match. Includes top-notch data privacy features and world class consent management, but contracts start at $50,000 USD.

MineOS

AI-driven privacy features for forward-thinking customers. Does not include consent management, however.

Considering or evaluating Didomi? Learn more about how Enzuzo can meet your data compliance and governance requirements. Schedule a complimentary, 1-1 strategy call with a product advisor 👇