The GDPR compliance deadline is looming…have you prepared for the different data rights scenarios in your database?
It is likely that within your database, you’ll have varying levels of data processing rights. Common scenarios you’ll need to account for in your data rights center Marketo program:
There are many options and your data rights center needs to accommodate all the scenarios.
Building a Data Rights Center
Just as you have a subscription center in Marketo, you’ll also want to build out a data rights center, detailing the rights you have to retain and process data, encompassing the scenarios previously mentioned.
To do this, there are a number of fields I find helpful and useful to retain:
If this sounds like a lot, it is. But remember, GDPR loves documentation! If you’re ever subject to a compliance inquiry, you’ll be in a better position by having a complete data trail.
Data Rights Campaigns
In the example above, these fields are populated if you have full data consent acquired with opt-in email consent. You would use something like this flow for populating fields with either consent or legitimate interest.
When setting up the smart list, remember, email consent CAN constitute data consent. And if you are claiming legitimate interest, be sure to consult with your legal team first. If going this route, you would set up a similar smart campaign for legitimate interest as defined with legal, such as legitimate interest via sales activity or an active contract.
In the data flow, populate each of the fields outlined. In this example, the data rights source is populated with the email opt-in source description. Then in the notes, categorize this as “opt in email consent.” It’s useful to have different fields for source and notes as the source could explain why you have legitimate interest or where consent came from. You can then populate your notes section with common phrases you can use in filters, such as “limited processing consent - no scoring” or “retain for 30 days only”. This helps adapt to the various data rights scenarios.
When establishing rights lapses: time stamps are important-- review consent date and most recent engagement. You might discover it’s time to send a whitelisting or wake the dead nurture to these records! If consent or legitimate interest does lapse, you’ll need campaigns to properly process the records, either deleting or marketing suspending them as appropriate.
Building a Preference Center to Manage Individual GDPR Rights
Finally, you’ll also want to build a Preference Center to automate how you’ll process requests from consumers exercising their individual GDPR rights, including:
Want more actionable tips plus other helpful GDPR resources?
Download our Ultimate GDPR Toolkit, which contains:
Get your copy now...it’s free! http://bit.ly/2wvF1OZ
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.