I, too, am surprised of the lack of info from Marketo. During our steering committee call, we were ask to get Marketo's PoV and a roadmap of enhancements/changes to help their customers comply with GDPR come next May. Unfortunately, I was able to provide nothing. I'd have to think a good percentage of their customers will be impacted by this - even those that don't physically reside in Europe. Just look at the number of views this thread has received.
I was having a conversation with our NA Marketing leader this morning - since GDPR is going to impact them now (primarily in the US, as CAN-SPAM will be replaced with GDPR). She just finished up an Ethics call and noted - while we were discussing how this could have huge economic impacts across the world (fines of $20,000,000 or 4% of global revenues - whichever is larger - for each offense) - there will be dedicated people/prosecutors in place to actively find/determine who is in violation. These folks will be compensated on a commission type plan and therefore will be motivated to find offenders. It's going to be like a witch hunt!
I'm trying to get some more clarification on my first bullet in my original post (around country CITIZENSHIP vs. RESIDENCY). Actually our GDPR program manager is asking where they interpreted this, given the main document/FAQ includes the following:
More to come as I hear back from our team. All I can think is that our legal team - where we're bound by our parent company's (Accenture) mandate - is taking a risk-adverse approach here so that there's no chance of us violating any of the regulations. For example, having an email accidentally be sent to someone who has indicated in their lead record that they're not from an EU country, when in fact they are. In this case, I wonder if we would be protected based on the information contained in the record (depending if the data was submitted by the recipient; or collected through some third-party source (e.g., entered into CRM by a sales executive).
Here is an additional response from our legal counsel:
I'm very surprised by the scenario highlighted in yellow. I wouldn't think that would apply since the person is not a citizen, nor a resident of the UK.
I replied back with the following (highlighted in yellow) and got another somewhat confusing response:
Someone just shared this article with me - wow, is this an eye-opener!
huge economic impacts across the world (fines of $20,000,000 or 4% of global revenues - whichever is larger
I heard last week from a source in a leading Silicon Valley tech company that they and others are planning on mailing their entire database to update their preferences and risk the fines now as they are so low compared to after GDPR comes into law. Loads of companies will have to wipe the majority of their databases if they cant prove if they have opted in or not. Fun times ahead!
I just voted also - thanks, Dan.
I learned this week that one of our attorneys is already on the case and has gotten approval to have a contractor specialized in compliance come in and audit current practices and provide recommendations as to what needs to be done to be ready. I'll share more information as it's available.