As part of our GDPR prep, I have come up with a few scenarios on how we obtain and could process our data in compliance with GDPR. I would really appreciate your input; please correct me if I am doing something wrong.
Below are the fields that I have created for this purpose.
GDPR Consent date and time
GDPR Consent purpose
Online Lead: Web forms and Marketo forms
Offline Lead: Manual uploads
All our Marketo and web forms will have a checkbox, and we will update the above field values if the checkbox is marked. However, I stumbled on a few scenarios that I have listed below:
- Our CMS that hosts web forms will still pass the information into Marketo even though the checkbox is not marked (if they don’t opt in), as it is not a required field and the user will be able to submit the form. Can we have information on users who have not opted in as part of our Marketo DB?
- If I have a returning or existing lead who previously has/has not provided consent, as part of a form fill or a manual upload, could we override GDPR values with the new consent value, date and purpose, or should we maintain history?
Ex: I have a lead who filled out our Marketo form and provided consent, and the GDPR values were updated as True etc. In the future, if I get the same lead as part of a tradeshow upload or if they fill out our web form, the system would override the previous value with the new one. Is this OK, or should we maintain history by creating additional fields and appending all the data for auditing purposes?