Recently I started a fresh Pardot implementation for a North American client and I wanted to put a tracking code on their website. I asked for the IT vendor’s help, and the Security team asked me a series of questions related to GDPR and Pardot’s capability to handle them.
I had to process a lot of GDPR literature online and thought it would be prudent to share the same here.
I am presuming that people are aware of GDPR, so I will only be covering how Pardot supports the tenets of GDPR.
Right to Be Forgotten
Meaning: In order to comply with data protection and privacy regulations, you may need to delete customer data.
Pardot Solution: To delete prospects from Pardot, send them to the Recycle Bin; an admin can then Permanently Delete the prospect(s). Detailed solution
Meaning: The customer should give you explicit consent to send emails to them.
Pardot Solution: Pardot offers 2 solutions for this tenet: Unsubscribe functionality and the Email preference center.
Meaning: The customer’s data should be sent to them upon request in a human-readable format such as CSV.
Pardot Solution: Pardot provides CSV export and/or the Pardot API. Detailed solution.
Restriction of Processing
Meaning: In certain cases, a customer can request that you stop processing or accessing their data in Pardot.
Pardot Solution: To stop processing the data, an admin should archive the data to the Recycle Bin. After the restriction is lifted, the data should be reimported. Detailed solution
Meaning: Companies should provide concrete measures to ensure that personal data is handled in accordance with GDPR principles, e.g. by appointing a Data Protection Officer, imposing contractual obligations on processors, and using the principles of “privacy by design” and “privacy by default.”
Pardot Solution: Pardot (i.e. Salesforce) provides a robust Data Processing Addendum containing strong privacy commitments. It also contains appropriate Data Transfer Frameworks for transferring personal data outside of the EU region. Detailed read
Meaning: Companies should provide the correct security measures to protect personal data.
Pardot Solution: It provides a secure solution in accordance with its Trust and Compliance documentation. Detailed read
Geographical data storage
Meaning: EU citizens’ data should be held inside the EU, and if it is transferred outside the EU, the transfer should be properly regulated with trusted mechanisms.
Pardot Solution: Currently, the infrastructure hosted by Salesforce in the provisioning of the Pardot Services is located in the United States. Detailed Reading