AnsweredAssumed Answered

GDPR Compliance: Consent Management implications

Question asked by Dan Stevens. Expert on Jul 18, 2017
Latest reply on Nov 17, 2017 by Erica Dipyatic

Anyone that is doing business globally, surely has GDPR on their mind.  We had a steering committee call this morning and one of the topics that came up was around "consent management".  Specifically the following:


  • As part of this complex topic is one that states that a user will have the right to have their data removed (e.g., from Marketo) and we will need to keep a record of this.  Does Marketo plan on creating some sort of audit trail of this activity?  Today, if you delete a person, the only item that remains is their "unsubscribe" status as part of the durable unsubscribe.
  • Another surprise to us was the fact that GDPR is enforceable based on CITIZENSHIP, not country of residence.  As a result, our company will be enforcing GDPR compliance across all marketing activities globally (not just those that target countries in Europe) - to me, this also means that every company needs to be concerned with GDPR (even if their only market is the US?) - essentially, making it global law.  So if a German citizen is living in the US, GDPR applies to them.  Therefore, we can't rely on the country value in the user's record.  Is this a surprise to others?


I'd be very interested in any items on Marketo's roadmap that deal make it easier for its customers to comply with GDPR.