I'm curious what people are doing with their opt-in information. Is the opt-in data being stored in SF as the system of record? We are debating whether we need to create new fields in SF to store the opt-in acceptance and date. By default, if they fill out the form with the opt-in checkbox, we know they opted-in. But there is a sense this should be capturedd and stored in SF. And the SF admin does not want additional fields unless really necessary. Any recommendations would be greatly appreciated.
Thanks to Gregoire Michel for providing this answer (and recommending a fresh post).
Marketo is better system of record than SFDC, because it does a better job in loging the source of the consent. Fills-out form activities in Marketo provide detailed data abut date time, all the values entered AND the ip address. It cannot be tempered with, meaning that it can be used as a proof of consent. In SFDC, depending on the rights, it's almost impossible to guarantee that you will not end up with someone being opt-in without a proof of their consent.
in addition to the reply you copied above, I would add that yes, you can, and probably should, add these fields in SFDC, but you need to make sure they cannot be updated by anyone but a few users and the Marketo sync user and also make them "history fields" so that you can trace any change to these fields, as unauthorized changes could engage the company's responsibility with regards to the GDPR or California's new privacy law.