SOLVED

GDPR: Email Opt In = Data Processing Opt In

Go to solution
Highlighted
Level 7 - Champion

GDPR: Email Opt In = Data Processing Opt In

A few experts at webinars have mentioned that if your privacy policy is clear about what information is being processed, you can equate an email opt in with data processing opt in.

I was thinking about including a line about that in the form itself when someone goes to opt in, so that it's even more up front that if they opt into receiving emails, they are also giving permission for their data to be processed (with specifics about what that looks like in the privacy policy).

I've also seen people say these need to be two different fields and maintained separately, so you could have an email opt in that you cannot lead score, track links, geotarget, etc. because you didn't get data opt in permission.

What are you setting up? Any advice or someone who can say one way or the other?

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted

Re: GDPR: Email Opt In = Data Processing Opt In

Hi Christina,

This is really a decision that your company needs to make. The GDPR says that both consent have to be given, but it does not say that they have to be given separately, only that they have to be well informed. Most of my customers here in France are combining the 2 in one opt-in.

The problem IMHO, is elsewhere : if the person does not give the combined consent, you are not supposed to keep them in Marketo. You are not even supposed to let them enter Marketo, in all rigorousness. So the minimum would be to anonymize them and, if you really want to be 100% compliant, to erase them, as for the moment anonymization cannot be total. See

-Greg

View solution in original post

1 REPLY 1
Highlighted

Re: GDPR: Email Opt In = Data Processing Opt In

Hi Christina,

This is really a decision that your company needs to make. The GDPR says that both consent have to be given, but it does not say that they have to be given separately, only that they have to be well informed. Most of my customers here in France are combining the 2 in one opt-in.

The problem IMHO, is elsewhere : if the person does not give the combined consent, you are not supposed to keep them in Marketo. You are not even supposed to let them enter Marketo, in all rigorousness. So the minimum would be to anonymize them and, if you really want to be 100% compliant, to erase them, as for the moment anonymization cannot be total. See

-Greg

View solution in original post