Re: GDRP: revoke consent process

Anonymous
Not applicable

GDRP: revoke consent process

Hi guys,

We are working in how we can proceed when a user request the revoke consent of their data. So is Marketo implementing a feature (if not done yet), to obfuscate a record or set it as read-only or similar?

The idea goes beyond that only mark it as unsubscribed, but to set it disabled or read-only.

Thank you!

Regards,

Raul

8 REPLIES 8
Grégoire_Miche2
Level 10

Re: GDRP: revoke consent process

The response to this is not obfuscation or read only, it's anonymization. When someone asks to be removed, you really need to be able to remove any way to recognize that person, so making it read-only is not good enough. Obfuscation or deletion would have the drawback to also remove the data from all reports.

See here: , including Dan Stevens' links to some articles.

-Greg

Dan_Stevens_
Level 10 - Champion Alumni

Re: GDRP: revoke consent process

And as far as I know, Marketo isn't working on any new features to help us become more GDPR compliant by May 25 (most of their engineers are tied up in working on the new UX).  Instead, it's up to each customer to create the customizations, processes, etc. required for compliance.

Anonymous
Not applicable

Re: GDRP: revoke consent process

thanks guys for the quick responses, but regarding to this request, what are you guys doing?

Thank you!

Nicholas_Manojl
Level 9

Re: GDRP: revoke consent process

Delete person from Marketo flow step.

Grégoire_Miche2
Level 10

Re: GDRP: revoke consent process

Agreed with Nicholas, if you cannot anonymize, you will have to delete it. Keeping the data, even "read only" is a breach of the regulation.

-Greg

Anonymous
Not applicable

Re: GDRP: revoke consent process

Thank you guys, it seems like this is the only way to really comply with the regulation when a user request it, right?

Dan_Stevens_
Level 10 - Champion Alumni

Re: GDRP: revoke consent process

It's also important to have all of your processes/assets fully documented in a central platform (we're using OneTrust - which will also store the PIAs (Privacy Impact Assessments) for everything, should the authorities come knocking on our door).  The reason being, the data could exist in several other platforms beyond Marketo.  For example, the record may be synced to CRM; may exist in a separate data warehouse for advanced BI analysis; may exist in a Launchpoint's partner DB; etc.).  It's complicated.

Anonymous
Not applicable

Re: GDRP: revoke consent process

That is correct, every platform manager is documenting its own processes for the compliance and then we need to meet and define a global approach, it is in fact a very hard implementing process not for the requested but to ensure everything is covered.