We are working in how we can proceed when a user request the revoke consent of their data. So is Marketo implementing a feature (if not done yet), to obfuscate a record or set it as read-only or similar?
The idea goes beyond that only mark it as unsubscribed, but to set it disabled or read-only.
The response to this is not obfuscation or read only, it's anonymization. When someone asks to be removed, you really need to be able to remove any way to recognize that person, so making it read-only is not good enough. Obfuscation or deletion would have the drawback to also remove the data from all reports.
See here: , including Dan Stevens' links to some articles.
And as far as I know, Marketo isn't working on any new features to help us become more GDPR compliant by May 25 (most of their engineers are tied up in working on the new UX). Instead, it's up to each customer to create the customizations, processes, etc. required for compliance.
Agreed with Nicholas, if you cannot anonymize, you will have to delete it. Keeping the data, even "read only" is a breach of the regulation.
It's also important to have all of your processes/assets fully documented in a central platform (we're using OneTrust - which will also store the PIAs (Privacy Impact Assessments) for everything, should the authorities come knocking on our door). The reason being, the data could exist in several other platforms beyond Marketo. For example, the record may be synced to CRM; may exist in a separate data warehouse for advanced BI analysis; may exist in a Launchpoint's partner DB; etc.). It's complicated.
That is correct, every platform manager is documenting its own processes for the compliance and then we need to meet and define a global approach, it is in fact a very hard implementing process not for the requested but to ensure everything is covered.