As part of our GDPR prep, I have come up with few scenarios on how we obtain and could process our data in compliance with GDPR. I would really appreciate your inputs and correct me if I am doing something wrong.
Below are the fields that I have created for this purpose.
GDPR Consent date and time
GDPR Consent purpose
Online Lead: Web forms and Marketo forms
Offline Lead: Manual uploads
All our Marketo and web forms will have a Checkbox and we will update the above field values if the checkbox is marked. However, I stumbled on few scenarios that I have listed below:
Ex: I have a lead who filled out our Marketo form and provided consent and the GDPR values were updated as True etc. In future, if I get the same lead as part of a tradeshow upload or if they fill out our web form, system would override previous value with the new one. Is this ok or should we maintain history by creating additional fields and append all the data for auditing purposes.
Lots of potential issues. Depends on how you want to handle it.
Thanks for your response Josh.
Our CMS pushes into List and is not captured as Form fill.
Could you provide with the list of additional fields and recommended approach to take here. Will i need any other field additionally to what you have suggested "Ok to Email"
I would highly appreciate if you could share your rules so i can replicate some of them for my scenarios.
In addition to what Josh provided, you'll want to be familiar with this as well (since some of this log data is purged after 90 days - and therefore, it will be up to you to capture this in another data warehouse for longer term auditing purposes):
Thanks for pointing that out. I am aware of this and will definitely have to take that into consideration. Do you suggest having some jobs to pull data either using Zap or exporting it into either a db as i think spreadsheet might not be scalable solution.
Hi Vineela Maram
1) It depends if you have Legitimate Interest to retain and process the data. You will need to conduct a Legitimate Interest Assessment with your legal team. For more insights, see my post: Is Legitimate Interest a Legitimate Loophole for GDPR Consent?
I hope this helps,
Thanks for your reply.
I was leaning towards the second option to override the previous consent value and with the latest one. However, to be on a safer side, i also plan to create additional history fields that could capture this information incrementally and have them appended.
Still have to figure out best way to export and maintain this data at our end.
I would definitely be interested to see how others are implementing rules. Hope to get more ideas during the summit.
We will be having a GDPR meetup on Monday, 4/30 at Summit. 12:15 in the lunch area - we're reserving tables in the back toward the bathrooms. Hope to see you there!