Anyone that is doing business globally, surely has GDPR on their mind. We had a steering committee call this morning and one of the topics that came up was around "consent management". Specifically the following:
- As part of this complex topic is one that states that a user will have the right to have their data removed (e.g., from Marketo) and we will need to keep a record of this. Does Marketo plan on creating some sort of audit trail of this activity? Today, if you delete a person, the only item that remains is their "unsubscribe" status as part of the durable unsubscribe.
- Another surprise to us was the fact that GDPR is enforceable based on CITIZENSHIP, not country of residence. As a result, our company will be enforcing GDPR compliance across all marketing activities globally (not just those that target countries in Europe) - to me, this also means that every company needs to be concerned with GDPR (even if their only market is the US?) - essentially, making it global law. So if a German citizen is living in the US, GDPR applies to them. Therefore, we can't rely on the country value in the user's record. Is this a surprise to others?
I'd be very interested in any items on Marketo's roadmap that deal make it easier for its customers to comply with GDPR.