The cost of non-compliance: fines, lost conversions and the ROI of a CMP
Many companies see consent as a compliance expense, a legal box to tick reluctantly. The reality is that not having a CMP costs money on two fronts at once: legal risk and lost marketing performance. Let's look at the numbers, because once they're on the table the math becomes obvious.
Cost 1: the penalties
The GDPR allows fines of up to 4% of global annual revenue or €20 million, whichever is higher. And it's not theoretical: the Swedish authority fined pharmacy chains €15 million for using the Meta pixel without consent. In LATAM, Colombia's SIC sanctions data processing without valid authorization.
But the fine is only the visible part. Add:
- Reputational damage: a privacy sanction makes the news and erodes trust that is hard to win back.
- Legal costs of defending yourself and remediating the breach against the clock.
- Class actions, increasingly common in privacy.
Cost 2: the conversions you don't see
This is the cost almost no one calculates, and it's often larger than the fine risk. Since July 21, 2025, Google has applied automated enforcement: without valid consent signals, tracking, remarketing and reports are silently disabled for EEA/UK traffic. You lose data without any warning, and your investment decisions are made blind.
The other side: what you recover with a CMP
A well-implemented CMP with Consent Mode v2 in advanced mode doesn't just protect you: it recovers revenue that would otherwise evaporate.
| Recovery source | Typical gain |
|---|---|
| Conversion modeling (Google Ads) | +15-25% reported conversions |
| Behavioral modeling (GA4) | Up to 70% of lost attribution |
| Remarketing audiences | Kept alive with consent |
| Fine risk | Avoided |
How to calculate your ROI
Let's put it in a simple three-part formula:
- Risk avoided = probability of sanction × potential fine amount.
- Recovered conversions = % of traffic that rejects × modeling uplift × average conversion value.
- CMP cost = the annual investment in the platform.
Illustrative example: an e-commerce site with 100,000 visits/month, a 50% rejection rate and an average conversion value of €40. Recovering even 15% of those modeled conversions is thousands of euros a month; multiply by twelve and compare it to the annual cost of a CMP. In most cases, the recovered conversions alone already far exceed the cost, before even counting the legal risk avoided.
The opportunity cost of waiting
There's a fourth, silent cost that appears on no invoice: that of waiting. Every month without a CMP in advanced mode is a month of conversions that aren't modeled, remarketing audiences that don't grow and Smart Bidding that is fed poorer data. That lost data is not recovered retroactively: modeling needs history, so the sooner you start, the sooner you build the base that improves your estimates. Postponing the decision "until you have time" usually costs more than the platform itself, because the cost is paid in revenue you never got to see. Put differently: the best time to implement a CMP was when Google announced the change; the second best time is today, before next quarter is measured blind too.
What to look for when choosing a CMP
Not all platforms are equal. Prioritize:
- Google Consent Mode v2 compliance with all 7 parameters.
- Automatic scanner for cookies and trackers that stays up to date.
- Proof of consent (legally valid certificates).
- Multi-jurisdiction coverage (GDPR, Law 1581, LGPD…).
- Fast setup, good performance (it shouldn't slow your site) and support in your language.
Conma brings all five together and is built for the Spanish-speaking market. Start by understanding the legal framework that applies to you and how Consent Mode v2 protects your data.