Anyone that is doing business globally, surely has GDPR on their mind. We had a steering committee call this morning and one of the topics that came up was around "consent management". Specifically the following:
I'd be very interested in any items on Marketo's roadmap that deal make it easier for its customers to comply with GDPR.
Good question I'm glad you are bringing it up.
I'm curious too, as we are marketing pretty heavily in the EU.
Dan Stevens or anyone else, are you starting to make any changes on your EU lead gen forms? Disclaimers, opt in buttons or anything?
Hi Darrell - we're about to deploy opt-in functionality on all of our forms (not just those where strict anti-spam legislation exists). Similar to the opt-in checkbox/language that you see here on our Canada contact-us form: Contact Us | Avanade Canada
I'm still going through some legal reading to figure out a full path forward, but thus far the only thing that seems significantly different that I haven't seen mentioned thus far is explicitly capturing the consent language presented to the person at the time they opt-in.
There's some more specific bits around DPO delegation, notifying about third parties who send communication on your behalf, rewording of legal consent language, but those aren't nearly as universal and only selectively apply to companies.
I am particularly interested in the fact that third parties can revoke consent on behalf of others, which may lead to opt-out registers--and managing all of that is going to be very interesting to say the least.
Once the Canadian CASL law was becoming imminent, we implemented a whitelisting and double opt-in campaign for Canadian customers and prospects that we are now rolling out across the EU. We added the second opt-in field and a datestamp to the database to record it.
I didn't know the piece about country of citizenship. That's an important consideration that I'll share back with my team. I look forward to Marketo's response here. Thanks!
Hi Trish - we use a similar approach for our opt-in process (you can see our detailed approach in this thread: Re: Express Opt-In Checkbox on Forms - CASL Compliance). But that does us no good if we are forced to delete the lead record (where all of this data exists). I suspect we'll just need to create a formal process to capture these sorts of requests outside of Marketo.
It's a fun requirement, isn't it? The "right to be forgotten" has an implicit requirement that we remember you - just everything about you. I'm looking at a combination of CRM + external data store to keep this information, but I'm surprised there's been nothing from Marketo on this, or a more formal opt-in/out structure in general.