SOLVED

Re: Marketo technical GDPR questions

Go to solution
Anonymous
Not applicable

Marketo technical GDPR questions

Hi guys,

I've been asked by our legal team at the company about how Marketo technically complies to the GDPR

  • Access Control: Who is accessing the data and it is from the office or at home? Should it be allowed only at the office?
  • Logs: For how long can we keep the logs of a record?
  • Is the data being encrypted when saved or it can be stolen as plain text for being in the cloud?
  • Deletion of inactive leads after certain time is a must?

Regards,

Raúl

1 ACCEPTED SOLUTION

Accepted Solutions
Grégoire_Miche2
Level 10

Re: Marketo technical GDPR questions

Hi Raul,

answers below

Access Control: Who is accessing the data and it is from the office or at home? Should it be allowed only at the office?

Admin cannot be restricted. All other users can through IP filtering (see admin->login settings)

Who can access and export the data depends on how your roles are set. Look there, there is no standard answer to this, you will have look into the roles and see who can access to the database, and export data. Standard roles have been documented a year ago here: Roles Documentation

Logs: For how long can we keep the logs of a record?

Look at Marketo Activities Data Retention Policy - Overview & FAQ

Is the data being encrypted when saved or it can be stolen as plain text for being in the cloud

Marketo offers a Database encryption option. Pretty expensive, though. Otherwise, all traffic between the UI and the servers are HTTPS encrypted and you should consider also getting the HTTPS option for your landing pages, if you have not done so yet

Deletion of inactive leads after certain time is a must?

Yes, but this is your responsibility as a marketer, not Marketo's

-Greg

View solution in original post

2 REPLIES 2
Grégoire_Miche2
Level 10

Re: Marketo technical GDPR questions

Hi Raul,

answers below

Access Control: Who is accessing the data and it is from the office or at home? Should it be allowed only at the office?

Admin cannot be restricted. All other users can through IP filtering (see admin->login settings)

Who can access and export the data depends on how your roles are set. Look there, there is no standard answer to this, you will have look into the roles and see who can access to the database, and export data. Standard roles have been documented a year ago here: Roles Documentation

Logs: For how long can we keep the logs of a record?

Look at Marketo Activities Data Retention Policy - Overview & FAQ

Is the data being encrypted when saved or it can be stolen as plain text for being in the cloud

Marketo offers a Database encryption option. Pretty expensive, though. Otherwise, all traffic between the UI and the servers are HTTPS encrypted and you should consider also getting the HTTPS option for your landing pages, if you have not done so yet

Deletion of inactive leads after certain time is a must?

Yes, but this is your responsibility as a marketer, not Marketo's

-Greg

Anonymous
Not applicable

Re: Marketo technical GDPR questions

Hi Greg,

Thanks a lot!