3 Replies Latest reply on Feb 6, 2018 2:59 PM by Grégoire Michel

    GDPR opt-in Consent vs. Salesforce leads with email opt-in

    Gerard van den Akker

      I have worked on getting our subscription center in Marketo GDPR compliant and I think I've come quite a long way. I created fields to keep track of Consent, and I'm logging the actions the user takes when subscribing / unsubscribing. However, there are more sources where leads can come from, entering Marketo.

       

      The one I'm struggling with at the moment (process-wise) is Salesforce. In our case we have a filter between Marketo and Salesforce, so only leads with 'Sync with Marketo' set to True, will actually be synced.

      What if there's a lead or contact in Salesforce, and a sales rep switches on the 'Sync with Marketo' checkbox...

       

      The leads enters Marketo and I can see that by the fact that a Person is Created (previously called Lead) and 'People Source is set to 'salesforce.com'.

      Now what if in Salesforce the person has opted-in for email (Email Optout = FALSE)? I cannot prove that this person has opted in (Consent) so I cannot email this person from Marketo.

      Now I'm wondering - instead of solving the problem on the Marketo side, should I solve the issue in Salesforce, by doing a batch update for all leads that are not yet synced, and set Email optout to TRUE? Did anyone bump into this question and have some ideas or best practices?

       

      It could get a bit more complicated when the newly created lead in Marketo already exists etc, but maybe first get the basics working...

       

      Any insights are much appreciated.

        • Re: GDPR opt-in Consent vs. Salesforce leads with email opt-in
          Grégoire Michel

          Hi Gerard,

           

          This is a very important question you are raising here. Marketo is better than SFDC to track opt-in, mainly because Marketo has an audit trail of field changes in the activity log that can provide very detailed information such as the IP address from which a form was filled out or the email from which an unsubscribed was triggered. And of course, with the GDPR, Saleforce can no longer be trusted as a source of truth for Opt-in Data because the only information you can link to an opt-in in SFDC is what SFDC user checked the box. Not really GDPR-proof

           

          One of the recommendation I make to my customer is to ALWAYS sync all records from Marketo to SFDC (the opposite might not be necessary, hence the sync filter) and make sure (with appropriate workflows and SFDC setup) that once a person is sync'ed it remains sync'ed unless expressly removed following a clear process.

           

          One of the reasons why all Marketo records should, be pushed into SFDC is to avoid duplicates without data sync that can lead to the discrepancies you are describing, which becomes very problematic with the GDPR.

           

          The objection that I am often given for not sync'ing all leads from Marketo to SFDC is that bad quality leads might be pushed to SFDC. This is were lead queues come handy : it's easy to assign a lead to a queue so that sales do not see it unless they make a search on it. And when the lead becomes MQL / SRL, you just have to reassign it.

           

          The other question is: what people should be left in SFDC only and not sync'ed to Marketo ? Well, if you want to stay GDPR compliant in all your systems, the better is to stop syncing SFDC person that do not have a valid email address (empty, hard bounces, etc...). But then, another question arises: why would I push to Marketo an army of unsubscribed people that are non marketable anyway ? Push them at least once, so that the "unsuscribe" is logged into Marketo and pushed the Durable unsubscribe" table. If in the future you need to remove them from Marketo, fine enough, at least the unsubscribe info will stay there, just in case. read Feeding the Durable Unsubscribe List without increasing the database

           

          -Greg

            • Re: GDPR opt-in Consent vs. Salesforce leads with email opt-in
              Gerard van den Akker

              Thanks a lot Grégoire, that's a lot of information that I have to chew on for a while to see how it would apply to our situation. I do see the benefits you describe of pushing all Marketo leads to Salesforce. That has quite some impact on our existing setup and flows etc, but it might be worth rebuilding it.

               

              If I understand your suggested way of working correctly, I would have to opt out all existing salesforce leads/contacts from email communication before syncing them over to Marketo so they will end up on the Durable unsubscribe list? Before doing so I might wanna check the current overlap between Marketo and salesforce email addresses that are not yet synced.