Setting up the marketing rules and policies
There is some marketing data - Privacy Sources and Allowed Communication Rules - that needs to be set up before you can add Privacy Permissions for leads and contacts. Make sure you are in the Data Privacy Administrator app.
We have created a table that you fill out to help you think through your marketing and sales process. We have created a working sheet in XLS for you to use. DOWNLOAD
Here is an example of the completed table which we created by thinking about the marketing and sales cycle.
This is the list of Privacy Sources where data is collected. Create this list by thinking about your marketing, sales, and support processes, e.g. scanned at an exhibition stand, subscribed to blog, exchanged business cards, downloaded white paper.
The Privacy Source (rows) is where you define the rules for the marketing expiry, data retention periods, and the legal basis. There are six different legal bases defined by GDPR. You can also think about whether the creation of the Privacy Permission from the Privacy Source is manual or automated.
In the Data Privacy Administration app, go to the Privacy Source tab and hit New. You need to add the following data for each Privacy Source:
Name: e.g. scanned at exhibition.
Description: this is so end users can decide which Privacy Source to use.
Source Type: this dropdown is a pick list that can be configured, e.g. online, face-to-face, website, agreement - or different business units.
Lawful Basis: legal reason for storing and processing the data which is a dropdown with the GDPR defined reasons.
Active: this makes the Privacy Source visible to end users. Leave this unchecked if you want this Privacy Source to only be used by automation or an app.
Privacy Notice: this is displayed in the Add Privacy Permission screen.
Requires Explicit Opt-in: when this is checked, an opt-in check box is displayed in the Add Privacy Permission screen. If the check box is not completed, then the opt-in is not added when the Privacy Permission is created.
Default Retention period: how long until this Privacy Permission expires?
Default Communication period: how long can you communicate with lead or contact? This sets the expiry date on the Opt-in. If this is empty then this is the same duration as the retention period. It cannot be longer than the retention period. Both values are set by the organization and reflect the agreed policies for handling personal data.
Internal Notes: this can be used to document the justification for the policies.
Privacy Communication Rules
A Privacy Communication Rule defines how the organization engages with a contact or lead. This object captures the content type and channel for that content. A contact or lead will unsubscribe from a Communication Rule. This is determined by thinking through your marketing processes: "What do you send to customers?".
These are the columns under ALLOWED COMMUNICATION RULES; e.g. Product updates by email, Event invites by email.
In the Data Privacy Administration app, go to the Privacy Communication Rules tab and hit New. You need to add the following data for each Communication Rule:
Name e.g. Product update, Blog, Webinar invite.
Channel from the predefined dropdown (email, fax, post etc.); this list can be changed.
Icon to use.
Available for Custom Source: if you want this Communication Rule to be available in the list of Rules present for a Custom Source (see section on Custom Sources).
Active; this makes it visible.
Connecting Privacy Sources and Communication Rules
Now you need to decide which Communication Rules will automatically be allowed for each Privacy Source - the ticks in the table below.
Assigning Communication Rules (Lightning)
Edit each Privacy Source and go the Related List tab in the right panel in Lightning and add Assigned Communication Rules. If the Privacy Source Type is "custom" then you cannot assign Communication Rules.
Assigning Communication Rules (Classic)
Go to the Assigned Communication Rules related list and add more Assigned Communication Rules. If the Privacy Source Type is "custom" then you cannot assign Communication Rules.
Here is the image in Classic
Custom Privacy Sources
You may want the flexibility to be able to offer a particular person more than the Communication Rules that are on a Privacy Source.
When you create a Privacy Source and select “Custom” in the “Source Type” dropdown, you will not be able to assign communication rules in the configuration.
When you create Privacy Permission and select a custom Privacy Source, you can then set which Communication Rules are allowed. The list is those that were set using the Communication Rule “Available for custom sources” checkbox. Think of this as a-la-carte marketing ,or an override for this customer if they want me to send them "x, y & z" marketing content.