How Pardot Helps Marketers Comply with Today’s Privacy Regulations

Today, technology is integrated into nearly every part of our lives. From the tiny personal fitness trackers on our wrists to the major data centers powering the internet we use daily, computers of all shapes and sizes have become ubiquitous in modern society, achieving levels of scale and popularity that were the realm of science fiction just a decade or two ago.

However, our increasingly connected world is not without its challenges. The trail of information left by our digital actions can last forever. Power imbalances between those who generate data and those who collect it have the potential to lead to serious privacy and security issues. 

As a result, legislative bodies worldwide have passed regulations like the General Data Protection Regulation (GDPR) in Europe and the California Consumer Privacy Act (CCPA) to give consumers more control over how their data is used and to penalize misuse.

To remain competitive while maintaining consumer trust, it’s up to today’s businesses to build compliance into their products and services. That’s just what we’re doing here at Pardot. 

Here’s how we’re helping our customers comply with existing and evolving privacy regulations and build tailored solutions to support requirements under different privacy frameworks. 

Obtaining Consent 

Modern workplace woman using mobile phone in office.

Consent is at the heart of our approach to marketing automation. As a result, we have a strict permission-based email marketing policy — but for added flexibility, we also offer our customers substantial configuration options for email consent collection and management. 

Pardot also supports recency and frequency automation rules to govern suppression, which sometimes prevents communications from reaching recipients. Different governance strategies can be employed for different groups at a customer, segment, offer, product, or channel level.

We also support alignment with web-tracking consent requirements like affirmative opt-in, and we provide features that ensure unsubscribe and opt-out are as easy as subscribe and opt-in.

Empowering Customers to Manage their Data

Pardot supports the right to know, the right to be forgotten, and the right to rectification by allowing our customers to:

  • search their records for personal data on a given data subject
  • correct records
  • permanently delete data subject records

Our customers can support these privacy use cases directly through our user interface, or they can implement custom privacy workflows through our software interfaces. These same features support privacy requirements like restrictions on processing and restrictions on sale of information.

To enable compliance with data portability requirements, Pardot provides the capability to export records in a comma-delineated format, and we allow record export through our software interfaces for customers who want to build their own portability workflows.

Incorporating Privacy-by-Design

Our software interfaces are rich enough to allow our customers to build implementations using privacy-by-design principles, and Pardot encrypts all data at rest by default across all customer accounts. Pardot encryption works alongside Salesforce Shield and network security best practices to protect data at rest and in transit across systems.

Privacy frameworks and regulations like GDPR enforce controls on how data controllers interface with data processors like Salesforce Pardot. We allow our customers to comply with these controls through non-technical features.

Our Data Processing Addendum to our Master Subscription Agreement defines how Salesforce legally complies with GDPR and CCPA through mechanisms like Binding Corporate Rules. Salesforce contractually guarantees important security controls and certifications to our customers, allowing our customers to comply transitively.

The Future of Privacy

The privacy landscape is evolving, from both legal and social perspectives. The issue is receiving wide support from a variety of people and legislators. This is a good thing for consumers and businesses alike. The principles embodied in new privacy laws will protect against privacy threats that have emerged in recent decades and many of the future threats to come.

Even before the current wave of privacy regulations, most B2B marketers were already focusing on prospects who provide their personal information willingly for the purpose of exploring a relationship. At Salesforce Pardot, we’re watching privacy trends to make sure we support our customers in the face of a changing legal, technical, and social environment. 

Protecting privacy always has been — and always will be — the right thing to do.

Keep Learning

What is mixed content and why should marketers care? Learn why browser vendors are changing the browser experience to discourage mixed content.

This blog post is part of our security, privacy, and technology series.