GDPR and Privacy: "anonymize person" flow step

GDPR and Privacy: "anonymize person" flow step

As part of the GDPR, we need to get consent from people in order to be able to keep their data. If someone registers to download a white paper but does not opt-in, we are supposed to delete any reference to the person. This means deleting it or anonymize it.

One very big issue with this is that when we delete the person, it is automatically deleted from all reporting.

The work around this is to anonymize the person, since it is accepted that we keep anonymous information in our systems. We can easily replace the first name, last name or email address in the database with "John Doe" or "Anonymous Person". But there are some information that cannot be manipulated from a smart campaign:

  • Cookie IDs attached to the person
  • Inferred and system data such as the IP address
  • Data value changes in the activity logs
  • Fills out form in the activity logs

Furthermore, relying on users to run data value changes is error prone.

It would be very helpful if a new "anonymize Person" flow step was created.

In the field management, we would be able to define which fields should be anonymized, and what would be the anonymous value for each of them (for instance, we would define that the anonymous value for first name would be "Anonymous" and for last name it would be "Person", and NULL for the email address).

Then, when running the "Anonymize person" flow step, Marketo would automatically replace all the fields set in the admin with their anonymous value, cleanse the system fields that could be considered as personal Ids and also cleanse all the DVC activities (either deleting them or replacing all values with their anonymous counterpart).

-Greg

57 Comments
Abaran
Level 5

Thanks Sandford. appreciate the feedback. This is good information to know.

Chloe_Pott
Level 4 - Champion Alumni

Very interesting proposal. I like it. CC Georgina DrakeJon Blumenfeld

Grégoire_Miche2
Level 10

Bonjour Chloe,

You might also want to have a look here: Marketo GDPR Compliance-a summary of key ideas

-Greg

Grégoire_Miche2
Level 10

Another place where the ancient values are visible are in the details of some activity logs:

  • Fills out form
  • SFDC Update
  • ...

-Greg

kh-lschutte
Community Manager
Status changed to: Open Ideas
 
Yaron_Meiner
Level 2

I think that after two years it does not look like marekto is eager to make this happen. I don't see a way to remove personal details completely without deleting the record.

 

StellaS
Level 1

I know it's a rather old thread but has anyone found a solution in the meantime? Or is 'deleting' still the only way to stay GDPR compliant?