Marketo GDPR Compliance-a summary of key ideas

Grégoire_Miche2 · ‎03-10-2018

Long time since I last compiled a list of ideas. At this point in time, as GDPR is now less than 3 months away and since everybody recognises that this is not just a EU issue, here is a list of existing ideas that we would really need to see implemented in order to make Marketo a tool that really helps marketers to be and remain compliant

Starting with information capture:

Admins should be able to force users to add an opt-in field to a form. Vote for
Also, reordering the fields freely even when we use progressive profiling should not require Javascript. Vote for (Thx Margaux Lepine )
Capturing opt-in information should also be feasible in the event app. Vote (Thx Gunjan Batra )
Capturing cookie value should not require JS: Vote
We also need to make email click detection more reliable than it is, due to link scanners, since we rely on these events to validate double-opt-in. See

We also need to securely be able to process the double-optin, and therefore see removed the flaw inherent to the usage of triggers + filters in "person is created" smart campaign. See

Continuing with information storage compliance:

It should be possible to anonymize data entries so that we can remain compliant when someone does not agree to be in our database and still get accurate reporting. Vote
Furthermore, since Marketo email system controls strictly the opt-out, synchronizing our optin field and the unsubscribe one should be a no-brainer. Vote
When we update some's email address and this perso is unsubscribed, Marketo should not automatically re-subscribe the person. This is a serious compliance breach. See (Thx Courtney Grimes )

We also need more flexibility and control on how we can arrange forms:

It should be possible to move fields below the progressive profiling, especially the opt-in field: (Thx Edward Masson ), and
And it should be possible to add a text area after the submit button with some legal wording:

Last but not least, GDPR drives to generalize preference center.

The hard point is enforcing user preferences when running campaigns. This is very error prone and the source of potential huge liabilities. Vote

Any key point I have missed ? please feel free to comment, I'll add them.

-Greg

Grégoire_Miche2 · ‎03-11-2018

added this one:

-Greg

Anonymous · ‎03-11-2018

Hi Gregoire,

These are great!

Related to key GDPR points, it would also be nice for Marketo to provide some simple standard solutions to be able to:

- Start/stop tracking people through Munchkin when they opt-in/out of cookie tracking

- Start/stop scoring people when they opt-in/out of profiling

- Have a general best practice GDPR friendly form that can be imported from the Marketo Library or in Marketo documents as a guide, with those fields that are a must (e.g. Consent Request, Consent Notes, Consent Date, only email address and country and mandatory fields, etc.)

Thanks!

Grégoire_Miche2 · ‎03-11-2018

Hi Macarena,

The scoring one is under Marketer's responsibility. Just add a filter to your scoring program on the opt-in field.

On the GDPR program, my experiences is that there is a true diversity on how it has to be implemented, depending on the business organization and geographies.

-Greg

Dan_Stevens_ · ‎03-11-2018

Not only the various interpretations of the law, but also the level of risk that an organization is willing to accept. We‘re now seeing many organizations stating they will be “GDPR-ready” by May 25 (vs. GDPR-compliant), primarily due to the lack of what it means to be fully compliant at this time. Not to mention the ePrivacy Regulation (which won’t be revised by May 25) which includes many of the important guidelines/laws - beyond data protection - that us marketers must adopt.

Matjaž_Jaušove2 · ‎03-11-2018

Don't know if someone said it before, but a huge thanks to Grégoire and also Dan Stevens for your insights, opinions and debates on GDPR here. Very helpful!