GDPR Standard implementation guide (web)

Sourcepoint offers messaging capabilities for multiple regulatory and non-regulatory frameworks. These messages are surfaced to your end-users in accordance with the campaigns (and scenarios) that you enable for the property. 

In this article, we will walk you through the essential steps to launch your GDPR Standard messaging campaign on your web property. 


gdpr standard.jpeg

Portal configuration

Use the table below to track the necessary configurations that need to be performed within the Sourcepoint portal before adding the required code onto the property and launching your GDPR Standard campaign. 

  Note: There are certain optional steps/configurations that are not represented in this tracker such as property groups, dynamic language support, etc...

Step Resource(s)
1 Create new property
2 Create GDPR Standard vendor list
3 Edit GDPR Standard vendor list
4 Create GDPR Standard privacy manager
5 Create GDPR Standard first layer message
6 Create GDPR Standard scenario
7 Create GDPR Standard partition set

Install GDPR Standard Sourcepoint code on property

When you have completed the portal configuration for your property, click Properties on the left-hand panel and select Properties from the subsequent menu. 


Click <> inline with the property name.


Use the dropdown menu to select GDPR Compliance and enable the checkbox for GDPR Standard. 

The implementation code snippet will automatically populate in the provided space. Click Copy Code and add the implementation code snippet to your property. 

  Note: Click here for best practices on how to implement the Sourcepoint implementation code snippet to optimize message loading time.

Screenshot 2024-01-29 at 9.11.40 AM.png

The Sourcepoint GDPR Standard implementation code snippet is comprised of two scripts. Review the sections below for additional information and possible configuration options to suit your organization's use cases.   

Complete Example
    window._sp_queue = [];
    window._sp_ = {
        config: {
            accountId: 1234,
            baseEndpoint: '',
            gdpr: { 
                includeTcfApi: false 
            events: {
                onMessageChoiceSelect: function() {
                    console.log('[event] onMessageChoiceSelect', arguments);
                onMessageReady: function() {
                    console.log('[event] onMessageReady', arguments);
                onMessageChoiceError: function() {
                    console.log('[event] onMessageChoiceError', arguments);
                onPrivacyManagerAction: function() {
                    console.log('[event] onPrivacyManagerAction', arguments);
                onPMCancel: function() {
                    console.log('[event] onPMCancel', arguments);
                onMessageReceiveData: function() {
                    console.log('[event] onMessageReceiveData', arguments);
                onSPPMObjectReady: function() {
                    console.log('[event] onSPPMObjectReady', arguments);
                onConsentReady: function (consentUUID, euconsent) {
                    console.log('[event] onConsentReady', arguments);
                onError: function() {
                    console.log('[event] onError', arguments);
<script src="" async></script>   

Client configuration script

The client configuration script contains your organization's specific account configuration parameters. This configuration includes the necessary and optional parameters for your property to communicate with the Sourcepoint messaging platform and consent service libraries.

Currently, there are three required parameters to successfully deliver an end-user notification:

Required Parameter Description
accountId The accountId value associates the property with your organization's Sourcepoint account. Your organization's accountId can be retrieved by contacting your Sourcepoint Account Manager or via the My Account page in your Sourcepoint account.

A single server endpoint that serves the messaging experience.

  • For GDPR TCF, U.S. Multi-State Privacy, U.S. Privacy (Legacy), GDPR Standard, and Custom Messaging, the baseEndpoint is

  Note: The baseEndpoint can also be changed to a CNAME first-party subdomain in order to persist first-party cookies on Safari web browser (due to Safari’s ITP) by setting cookies through the server with set-cookie rather than using document.cookie on the page.

gdpr object with includeTcfApi property set to false

Ensures that campaign being set is GDPR Standard and not GDPR TCF. 

In addition to the required parameters (above), your organization can further implement additional parameters and customizations in the code snippet for different use cases. Follow the resources below for additional information

window._sp_queue = [];
window._sp_ = {
    config: {
            accountId: 1584,
            baseEndpoint: '',
            gdpr: { 
                includeTcfApi: false 

URL to messaging library

The final script is a URL that points to Sourcepoint's messaging libraries. The default URL is as follows:

Campaign(s) Description
  • GDPR Standard'

This script only needs to be included once regardless of how many different types of messaging campaigns you run on the property.

  Note: If your organization has edited the baseEndpoint with a CNAME DNS record you will also need to edit the URL. Please follow the following format if necessary:


In the developer console, the URL to the messaging library can return the following regardless of whether a message was shown to the user:

Console Description
Messaging without detection successfully executed The script, messaging without detection, has successfully fired. It does not indicate that a message was shown to the end-user.
interaction complete The interaction with our, messaging without detection script, has concluded. It does not indicate that an end-user interacted with a message.  


Install resurface privacy manager code on property

Many organizations will want to add a button/link onto their web property that allows an end-user to resurface the privacy manager so they can manager their consent preferences on an ongoing basis. 

Most organizations who implement the JavaScript code on their page will attach the function to the onclick event of a page element. Click here for more information on how to retrieve the privacy manager ID and implement the JavaScript code. 

GDPR Standard API

In addition to the GDPR Standard Sourcepoint code that is added to your property, your organization can leverage Sourcepoint designed APIs to further customize and test your implementation. Information on these commands be found in our developer hub:

GDPR Standard API

Launch campaign

With the property configured in the portal and Sourcepoint's implementation code snippet added to the web property, your organization can now launch a GDPR Standard campaign on the property and test the end-user flow.

Step Resource(s)
Launch GDPR Standard campaign
Test end-user consent
Was this article helpful?
1 out of 1 found this helpful



Please sign in to leave a comment.