1 Reply Latest reply on Apr 20, 2018 1:29 PM by Grégoire Michel

    GDPR: Email Opt In = Data Processing Opt In

    Christina Zuniga

      A few experts at webinars have mentioned that if your privacy policy is clear about what information is being processed, you can equate an email opt in with data processing opt in.

       

      I was thinking about including a line about that in the form itself when someone goes to opt in, so that it's even more up front that if they opt into receiving emails, they are also giving permission for their data to be processed (with specifics about what that looks like in the privacy policy).

       

      I've also seen people say these need to be two different fields and maintained separately, so you could have an email opt in that you cannot lead score, track links, geotarget, etc. because you didn't get data opt in permission.

       

      What are you setting up? Any advice or someone who can say one way or the other?

        • Re: GDPR: Email Opt In = Data Processing Opt In
          Grégoire Michel

          Hi Christina,

           

          This is really a decision that your company needs to make. The GDPR says that both consent have to be given, but it does not say that they have to be given separately, only that they have to be well informed. Most of my customers here in France are combining the 2 in one opt-in.

           

          The problem IMHO, is elsewhere : if the person does not give the combined consent, you are not supposed to keep them in Marketo. You are not even supposed to let them enter Marketo, in all rigorousness. So the minimum would be to anonymize them and, if you really want to be 100% compliant, to erase them, as for the moment anonymization cannot be total. See GDPR and Privacy: "anonymize person" flow step

           

          -Greg