GDPR and Hidden Fields | Community
Skip to main content
A
Anonymous
December 12, 2017
Solved

GDPR and Hidden Fields

  • December 12, 2017
  • 3 replies
  • 9458 views

Hi All,

Under the GDPR there are 2 main points that caught my attention:

  • Purpose limitation - data can only be used for the purpose specified at collection
  • Data minimisation - limit the amount of data collected to what is necessary to serve the purpose for what its collected

Do you think this points will affect the use of hidden fields as the user won't be aware of certain data we are collecting?

Thanks!

    This post is no longer active and is closed to new replies. Need help? Start a new post to ask your question.
    Best answer by Dan_Stevens_

    Background processing - like behavioral scoring - is also the result of being able to properly TRACK this engagement as users interact with our digital properties, campaigns and content.  Unfortunately, under GDPR, it sounds like we'll now need to block ALL cookies by default (including Munchkin) until a user has given their consent to install these cookies on their browser.  This is significant.  Think about it - would you provide your consent on every site you visit to the multitude of cookies that can be installed?  Heck no.  Serving up pop-ups like this is really going to degrade the overall customer experience (and have a significant impact on our ability to use Marketo - and other marketing automation platforms - like we do today).

    3 replies

    A
    Anonymous
    January 23, 2018

    On a similar vein of thought - as far as I know you still cant delete fields in Marketo - now that we are aware we should "only collect the data we need" - its actually quite important to be able to delete fields and their stored values in Marketo, due to having legacy data, as well as to prevent them from being recorded to by stopping them existing. Does anyone know if this is possible yet? @Peter Bell​ do you know if this is planned?

    Dan_Stevens_
    Dan_Stevens_
    New Participant
    January 23, 2018

    Curious as to why you would want to delete a field (rather than just the data within that field?

    A
    Anonymous
    January 23, 2018

    If we are asked to provide all the data we hold on an individual - and we have fields for "x personal data" - it increases "doubt" it also allows for more mistakes/risk.

    So risk mitigation - remove fields so that we can definitely say we only hold the data we need - "data and purpose minimization"

    A
    Anonymous
    December 14, 2017

    I found the below in a SiriusDecisions report, and though it might be useful for everyone marketplace.siriusdecisions.com/Blogs/GDPRIsComing5MarketingAutomationPitfalls

    Here are five important – but often unexpected – danger areas:

    1. MAP "data management campaigns.” Although marketing automation has encouraged systematic data embellishment and “use your data to create new data,” companies must now ensure all such activity is declared. Data from the past will need to be audited, and marketers are responsible for future updates and the outputs of any new or existing automated procedures.
    2. Reverse IP tracking. As marketing automation has found its pivotal and permanent place in the hearts of our businesses, reverse IP tracking has become part and parcel of everyday prospecting. Before GDPR, this was somewhat of a gray area – but now it's crystal clear. Marketers must seek consent before storing and processing an individual’s IP address.
    3. Lead scoring. Scoring programs provide marketers with ready-made segmentation and an engine to automatically send leads to sales. In GDPR terms, this type of processing constitutes profiling, and marketers must have consent to do it. Across the aisle in sales, propensity-to-buy calculations may also be hard at work in a sales force automation system. If this is used to profile for followup then, once again, permission must be granted.
    4. Reactivation programs. Marketers regularly seek to jump-start old databases by running reactivation programs for individuals inactive for months or even years. Unfortunately, under GDPR, individuals who have not opted in recently to communications cannot be contacted in this way.
    5. Record disposal. Finally, something outside of all marketers' comfort zone. If you do not have consent to store and process an individual's data, you must delete what you have. This applies to records accumulated over time but lacking opt-in, as well as to individuals who withdraw consent.

    Thanks.

    Dan_Stevens_
    Dan_Stevens_
    New Participant
    December 14, 2017

    Thanks for sharing, Macarena. These points are super important and relevant for almost all of Marketo’s customers (even if businesses don’t operate in the EU). As I’ve been saying, GDPR is really going to restrict our use of Marketo (and other MAPs) as we’re used to doing today.

    Given the significanc of this insight you shared, it probably deserves its own post (and not as a comment within an existing thread about forms, marked as “answered”).

    E
    ErikHe1
    New Participant
    December 12, 2017

    Hi Macarena,

    This is an interesting topic, if you think about it there are more data fields aside from hidden fields on a form, such as lead score fields which are constantly updated in the background. I see it more as a data processing optin on a form. You will need to do a clear documentation of the data you are processing to be compliant.

    It would be interesting to hear what others have to say on this topic.

    /Erik

    Dan_Stevens_
    Dan_Stevens_Accepted solution
    New Participant
    December 12, 2017

    Background processing - like behavioral scoring - is also the result of being able to properly TRACK this engagement as users interact with our digital properties, campaigns and content.  Unfortunately, under GDPR, it sounds like we'll now need to block ALL cookies by default (including Munchkin) until a user has given their consent to install these cookies on their browser.  This is significant.  Think about it - would you provide your consent on every site you visit to the multitude of cookies that can be installed?  Heck no.  Serving up pop-ups like this is really going to degrade the overall customer experience (and have a significant impact on our ability to use Marketo - and other marketing automation platforms - like we do today).

      A
      Anonymous
      December 12, 2017

      Hi Dan,

      Thank you very much for this for this valuable insight, I really appreciate it.

      This is very concerning. I thought we would be able to use Munchkin as long as we put in every form a field that allows customers to opt-out. But you are saying it's the other way around, that we won't be able to use Munchkin unless they have given us their explicit consent.

      I know Marketo provided a GDPR webinar but it was very high level, without getting into the actual details. We need a very detailed explanation of measures needed to be taken to ensure we are 100% compliant.

      Thanks,

        Terms & ConditionsAccessibility statement

        Loading footer...