

Hi All,

I know Marketo has some tips for GDPR (like the link below) but I don't think they have yet produced a comprehensive and detailed document highlighting key points to take into consideration and how these will translate into measures in Marketo. I've put this suggestion in Ideas but it would also be good to see which sources you are using to get more clarification on actions needed to be taken in MKTO.

So far I've been getting most from these sources:

ICO: Data protection reform | ICO

MKTO: Marketo and the General Data Protection Regulation

Any other suggestions?


Level 5


Hi Macarena Mazzeo​,

Please refer to these links and attachments :

Double opt-in Process for Germany & Best Practices

CRMT's GDPR Bootcamp for Marketers Sept 2017

Hope this stuff would really help for your query!!

Thanks & Regards,

Akshay Pant



Hi Akshay,

Thanks for the above, very useful!

Level 10 - Champion Alumni


One area that seems to be often overlooked is around cookie consent.  Most are focusing their efforts around email - and ensuring proper opt-in consent exists.  IMO, the laws around cookie consent can be most detrimental - especially if it limits our ability to track engagement (Munchkin tracking, Google Analytics, email click tracking, etc.) across our digital channels/tactics.  If we have to ask for specific consent for first time visitors (still being determined), this will significantly impact the overall user experience as users engage with our content.  Think about it - would you, personally, provide specific consent on every site you visit; or just move onward without providing your consent for the multiple cookies that exist on every site (and be non-trackable)?  Probably the latter.

Just this week, we had a demo from OneTrust on their cookie consent tools.  You've probably seen their tools before - but they've taken a lot of the legwork (vs. a custom developed solution) out of providing what we hope will be a GDPR compliant solution for cookie consent:



Hi Dan,

Definitely something to look into that I haven't thought about as much as I should. Thanks for this.

Level 10


Hi Dan

Thx for the lead on Onetrust


Level 5


Hi Dan Stevens,

Thanks for all of your input in the community around this subject. Only a small fraction of our database is in the EU and we currently don't have any customers there (and don't plan to in the foreseeable future). Based on your comments and what I've read about GDPR cookie consent, it really does sound like Munchkin and other cookies would need to be disabled for EU visitors and only activated with their consent. This gets tricky as disabling cookies would also prevent us from tracking their IP address to see if they are from the EU in the first place!

Is disabling Munchkin by default something that can be done within Marketo or is a third-party vendor pretty much required to do this?

Level 3


I have received an update from our external German-based legal advisers who are acting as our Data Protection Officer prior to the Xmas break, during which he pointed out to me that there is a significant issue in the way Marketo data capture typically wants to operate.

One of the new requirements of GDPR is to not enforce the unnecessary data capture of fields not required for the processing of the request. What this means in practice, he suggested, is that you can no longer make mandatory field data capture that would typically be generated for White Paper access (i.e. Name, Company, Country etc) - you can only make Email address mandatory based on the principle that you then deliver the white paper via an email back to the registrant. You can still have all of these fields on your form, you just can't make them mandatory - and of course you need to make email marketing consent a separate opt-in to consent for storage.

Therefore you have the prospect of having to give away all of your gated content in return only for an email address, which could potentially only be used for the delivery of the gated item, before you have to throw the address away...

- Of course there is the argument that this will improve data quality of those consenting, but will see a significant drop in numbers.

However, he did suggest there is an alternative data model. The 'Facebook' approach. This requires the user to sign up to a user account / login prior to getting access to services/resources. As part of this approach in return for your services (i.e. gated content) you can require the registrant to complete their details and consent to storage in order to access the gated content.

- note, you still can't enforce email marketing, this remains a separate opt-in, and you must still offer an opt-out of consent (right to be forgotten etc).

Having only recently signed with Marketo, this news is quite alarming to me.

- Has anyone else's legal counsel come to similar / same conclusions?

- Are there use cases / references of how Marketo can be used under a User Account based model integrated into a WordPress website?

Many thanks.


Level 10 - Community Moderator


- Has anyone else's legal counsel come to similar / same conclusions?

Sure, we too have heard the "pro bono customer" model. I'm a little dubious as to whether it holds up if you are not continually creating content, but if your legal team vouches for it then you do not personally have to worry.

When using Marketo with CMS/extranet user communities, you'd use the Munchkin API associateLead method to associate Munchkin-tracked web sessions with the logged-in user. This requires that you add your Munchkin secret key (and a little bit of associated code) to the CMS. (The secret key itself never appears in a web page.)
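The server-side half of the associateLead call described in the reply above, as an added example that is not part of the thread and is not Marketo's code. It assumes the authentication hash is SHA-1 over the secret key concatenated with the email address, as Marketo's Munchkin documentation describes; `MUNCHKIN_SECRET`, `trackingConsent` and the function names are hypothetical, and the consent gate reflects the cookie-consent concern raised earlier in the thread.

```javascript
// Added example for a Node.js-based CMS backend. Only the derived hash is
// written into the page; the secret key stays on the server.
const crypto = require('crypto');

// Hypothetical config name: load the real key from an env var or secrets store.
const MUNCHKIN_SECRET = process.env.MUNCHKIN_SECRET || 'constructed-demo-secret';

// Assumption: hash = hex SHA-1 of (secret key + email), per Marketo's docs.
function associateLeadHash(secret, email) {
  return crypto.createHash('sha1').update(secret + email, 'utf8').digest('hex');
}

// Serialise a value for embedding in an inline <script>: JSON plus escaping of
// characters that could close the script element or break the JS literal.
function jsLiteral(value) {
  return JSON.stringify(value)
    .replace(/</g, '\\u003c')
    .replace(/>/g, '\\u003e')
    .replace(/&/g, '\\u0026')
    .replace(/\u2028/g, '\\u2028')
    .replace(/\u2029/g, '\\u2029');
}

// Returns the inline script for a logged-in user, or '' when the user has not
// consented to tracking (hypothetical `trackingConsent` flag on the CMS user).
function renderAssociateLead(user, secret) {
  if (!user || !user.email || user.trackingConsent !== true) return '';
  const email = user.email.trim();
  const hash = associateLeadHash(secret, email);
  return '<script>Munchkin.munchkinFunction("associateLead", ' +
    jsLiteral({ Email: email }) + ', ' + jsLiteral(hash) + ');</script>';
}

// Constructed sample user, not real data.
const sampleUser = { email: 'jane.doe@example.com', trackingConsent: true };
console.log(renderAssociateLead(sampleUser, MUNCHKIN_SECRET));
```

Because the hash is derived per email address, a value leaked from one page cannot be reused to associate a different address, but anyone holding the secret key can compute hashes for any address, so treat it like any other API credential.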