Curate vendor list with Diagnose (GDPR TCF)

  Note: Ensure that Diagnose has been activated for your Sourcepoint account and that scans have been configured appropriately before continuing with any curation.

In this article, we will cover how to leverage Sourcepoint Diagnose to curate better GDPR TCF vendor lists. 


When the IAB first introduced the Transparency and Consent Framework (TCF), the programmatic landscape was incredibly fragmented with no absolute way to know for certain which vendors and third-parties were triggering on a property. In response to this uncertainity and to be compliant with TCF v2, many publishers who adopted the framework saw adding the entire IAB Global Vendor List (GVL) to their property as an easy solution to protect itself for present but undeclared technologies on their property

However, we do know that the IAB GVL is now over 1000 vendors long and incorporating all of these vendors will have a significant impact on performance. In addition to performance issues, adding the entire GVL to a property's vendor list is not in the spirit of GDPR's data minimization principle which states:

“A data controller should limit the collection of personal information to what is directly relevant and necessary to accomplish a specific purpose.”

General Recommendation

The recommendation we give to clients is that you should aim to have no more than 300 vendors in your vendor list. Additionally, your organization should develop a routine of analyzing and improving your property's vendor list every 6 months.

Some benefits of utilizing a shorter vendor list include:

  • Lighter consent string
  • Faster load times for the CMP and ads
  • Lower chance of unknown vendors referred
  • Lower chance of large cookies being dropped which impacts performance
  • Lower chance of dropped ad requests due to size of the consent string

Export Disclosed vendors dashboard

To curate your GDPR TCF vendor list, we will be utilizing an export of the Disclosed vendors dashboard to perform an audit of existing partners on your properties.

Navigate to the Disclosed vendors dashboard in your organization's Diagnose account. Click Dashboard from the left-hand rail and select Disclosed vendors from the subsequent menu. 


Use the provided fields to select a large range of properties (or ALL properties) that you are scanning and a date range of 6-8 weeks.

  Note: A date range of 8 weeks should give your organization a representative sample size but please be aware that there could be some seasonal partners who are not necessarily triggering during your selected range. Analyze your results carefully with your commercial teams.


 Data Timeout

It may take some time for your data to populate in the dashboard due to the number of properties and date range used in your audit. In the event of an error message that the data has timed out, your organization can refresh the page (Ctrl+R/Cmd+R). Refreshing the page should fix the error and your data should load in the dashboard.

With the dashboard populated, navigate to the Detailed Breakdown section and click the Download icon.


A CSV file will be downloaded onto your local machine. 

Audit partners for removal

The downloaded CSV file of the Disclosed vendors dashboard will be used to audit the list of partners on your properties. The goal of the audit is identify partners that either:

  • Add value
  • Do not add value
  • Could add value

Audit your downloaded CSV file using 0% prevalence or 0-10% prevalence.

0% prevalence 0-10% prevalence

Start your audit by filtering out vendors who have 0% prevalence across both your properties and benchmark properties.


These vendors have made 0 network calls during the time frame selected and most likely do not add value to your site. It can be the case that there are 200+ vendors on your property that fall into this bucket.

We recommend you work with your commercial team to identify and parse these vendors into a "known" and "unknown" list. Next, develop a plan to remove all the vendors in the "unknown" list from your property's vendor list in accordance with a preferred timetable.

  Note: Click here to learn more about how to remove vendors in bulk from your GDPR TCF vendor list.

Timetable Description
Remove immediately

Most publishers experience insignificant revenue loss when removing 200-300 vendors in a single action. Work with your commercial teams to monitor the impact of this change over the course of a week.

Remove in stages

Remove 25-50 vendors every week for 4 weeks until the list has been reduced to known vendors.

This can be more of a conservative approach as it provides more control and visibility across the vendors that you remove. This method also makes it easier to add vendors back if revenue decreases significantly. Keep in mind that this method also takes the most time and will require dedicated resources over the course of 4-6 weeks.

Audit partners for revenue opportunity

In addition to identifying vendors that add little to no value to your property, the Disclosed vendor metric can also enable your organization to identify potential revenue opportunities based the vendors's prevalence within the market. Investigate vendors with a low prevalence on your property, but high prevalence on your benchmark properties.


These vendors can be partnership opportunities that are in place on your competitor sites and could be increased on your own.

Was this article helpful?
0 out of 0 found this helpful



Article is closed for comments.