21 Replies Latest reply on Nov 17, 2017 7:19 AM by Erica Dipyatic

    GDPR Compliance: Consent Management implications

    Dan Stevens.

      Anyone that is doing business globally, surely has GDPR on their mind.  We had a steering committee call this morning and one of the topics that came up was around "consent management".  Specifically the following:


      • As part of this complex topic is one that states that a user will have the right to have their data removed (e.g., from Marketo) and we will need to keep a record of this.  Does Marketo plan on creating some sort of audit trail of this activity?  Today, if you delete a person, the only item that remains is their "unsubscribe" status as part of the durable unsubscribe.
      • Another surprise to us was the fact that GDPR is enforceable based on CITIZENSHIP, not country of residence.  As a result, our company will be enforcing GDPR compliance across all marketing activities globally (not just those that target countries in Europe) - to me, this also means that every company needs to be concerned with GDPR (even if their only market is the US?) - essentially, making it global law.  So if a German citizen is living in the US, GDPR applies to them.  Therefore, we can't rely on the country value in the user's record.  Is this a surprise to others?


      I'd be very interested in any items on Marketo's roadmap that deal make it easier for its customers to comply with GDPR.