Salesforce Marketing Cloud is getting GDPR-ready with the April 2018 release

Salesforce is GDPR ready

As we all know, the new European privacy law, known as GDPR, will be coming into effect on May 25, 2018.  This law is aiming to give subjects more control over their personal data, and introduces new rights, such as the right to be forgotten, the right not to be profiled and data portability. Are you GDPR-ready? Throughout this year, Salesforce will continue to add to the Marketing Cloud to ensure compliance.

In the latest Salesforce Marketing Cloud release, going live on April 21, these new features have been added.

New privacy settings in Analytics Builder

Web & Mobile Analytics has three new privacy settings:

Do Not Track: Behavioural data collected from the moment this setting is applied, is destroyed. Note: Data collected before the Do Not Track request is retained and still used to give recommendations.
Do Not Process: Past behavioural data is retained, but new behavioural data is destroyed. The subject does not receive personal recommendations.
Do Not Profile: Behavioural data is still collected, and all past data is retained, but it is not used to provide personal recommendations.
These settings can be accessed in Analytics Builder → Web & Mobile Analytics → Privacy settings. You will need to enter a customer identifier to apply them to an individual.

Data Protection and Privacy in Audience Builder

Subscribers deleted using the Contact Delete feature from Audience Builder, are removed upon the regularly scheduled data load automation. This prevents those subscribers from being included in new audiences. This process also removes any related usage data or data in sendable data extensions.

Records deleted via the Data Extension user interface for deleting records from a non-sendable data extension, are also removed upon the regularly scheduled data load automation.

… and Contact Builder

With this release, Account admins can make Contact Delete available within their Marketing Cloud account.

The GDPR requires a possibility to restrict the processing of an individual, so Salesforce introduces a Restrict Contact REST resource. A Restricted status for a single contact prevents sending, tracking, or other processing.

Email Studio: Contact Deletion and Restriction of Processing

Contact Deletion: Deleting a contact from within Email Studio is not enough to be in compliance with the GDPR. You need to delete the contact using the Contact Delete feature in Contact Builder or Contact Delete APIs.

A contact under Restriction of Processing will not be processed by Marketing Cloud. These subscribers can also no longer update their Profile and Subscription preferences, but they can always unsubscribe.

The Do Not Track preference attribute in Email Studio honors the subscriber’s preference to not have their email opens and clicks tracked. You can still send emails to contacts with this preference, but it will affect reporting, as their clicks and opens are not included in any reports.