GDPR compliance made easy - consent management in Dynamics 365 for Marketing

Under the General Data Protection Regulation, GDPR, the topic of consent has become a core tenet and is included in the data protection law.

Consent is understood as "any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her."

Dynamics 365 for Marketing

• Allows you to request, capture, and store consent
• Lets you design your marketing activities to respect the consent given by your audience

It is important that you include relevant information in your marketing objects (like landing pages and email marketing message) that unambiguously informs your audience about the data you collect and the purpose of your processing

Your audience must have the option to give consent freely, make an informed decision, and be able to review, update, or revoke consent at any time

Capabilities in Dynamics 365 for Marketing

To help you with consent management and other GDPR related workloads, Dynamics 365 for Marketing has the following capabilities:

• A default collection of hierarchical consent levels is provided out of the box, where higher levels of consent include lower levels
  The above consent levels provided out of the box are just recommendations. You can edit the option set to fit your needs - decide the relevance of each level, and how you would like to use it in your marketing activities
  x
• Contact records include a field Consent given, that stores the level of consent each contact has granted your organization
  
• You can configure each customer journey to only process contacts that have given a minimum-required level of consent
  x
• You can configure each lead-scoring model to only compute scores for leads associated with contacts that have given a minimum-required level of consent
  x
• You can create marketing pages with marketing forms that encourage contacts to grant a level of consent while being unambiguously informed. The consent is stored in each contact's record
  x
• You’ll be able to use various mechanics in Dynamics 365 to extract all information related to a specific contact and share relevant information with that contact when requested
  x
• You'll be able to use mechanics to have Dynamics 365 "forget" (delete) all information about a specific contact when requested
  x
• You'll be able to find and update information about a specific contact when requested.
  x
• You'll be able to provide means for your contacts to ask to view, retrieve, update, and delete their consent and data, and to use Dynamics 365 to model the fulfillment on your side.

Consent Levels

The above consent levels provided out of the box are just recommendations. It is up to you to decide the relevance of each level, and how you would like to use it in your marketing activities. The following table summarizes each supplied consent level and how it is typically used.

Consent levels are hierarchical, so higher levels include all lower levels.

In addition, special privacy protection is required for minors (children), requiring additional consent by a parent or guardian.

Enable GDPR features in Dynamics 365 for Marketing

As seen above, all contact records include a Data protection section with a drop-down list labelled Consent given. You can read or set the consent level here. What's important to note is the consent level set here only takes effect if you have enabled the GDPR features in Dynamics 365 for Marketing

By default, GDPR features such as consent management are disabled on new Dynamics 365 for Marketing instances.

To enable consent management for GDPR

1. Navigate to Settings -> Advanced settings -> Marketing settings -> Data protection tools
   x
2. Click + New to display the New GDPR configuration form
3. In the New GDPR configuration form type a name for your configuration
   
4. Click Save to activate the configuration and enable the Respect consent checkbox
   x
5. Check the Respect consent checkbox if you want Dynamics 365 for Marketing to take the consent given by contacts into account when running customer journeys and lead scoring - or leave the checkbox unchecked if you want Dynamics 365 for Marketing to ignore the values in the GDPR consent field of a contact
   x
   If you are creating a configuration for the very first time you will see a notification informing you about the configuration being activated
   

 

Putting the capabilities to work

As mentioned in the beginning of this blog post, enabling the GDPR features in Dynamics 365 for Marketing opens up for a bunch of capabilities you can leverage to help you stay compliant. Below I'll cover just a few of them.

Filter segments by consent

You can filter segments by consent level just like you can when filtering by other contact values.

Set the minimum required consent level for a customer journey

You can set the minimum consent level for any customer journey. When set, the journey will process only contacts of that level or higher.

To do this, open the journey, go to its General tab, and set the Minimum consent field to the appropriate level.

If you change the consent level of a running customer journey, the journey stops processing any contacts that don't meet that level of consent, including contacts that are already partly through the journey.

Set the minimum required consent level for lead scoring models

You can set the minimum consent level for any lead-scoring model. When set, the model scores only leads that are associated with contacts who have granted that consent level or higher.

To do this, open the lead scoring model, go to the Summary tab, and set the Minimum consent field to the appropriate level.

Include a consent selector in a subscription center

Your audience must have the option to give consent freely, make an informed decision, and be able to review, update, or revoke consent at any time. A subscription center is probably the best place to enable contacts to confirm and modify their consent level.

To set this up:

Step #1:

Set up a marketing form field that maps to the GDPR consent field of the contact entity

Step #2:

Create a marketing form of type Subscription Center that includes the GDPR consent field

Step #3:

The final steps to take is to create a marketing

• page of type subscription center, that includes the above form - please see this blog post for How-To - and
• email message, that includes a link to your subscription center page - please see this blog post for How-To

In this blog post you've seen how to leverage some of the GDPR capabilities in Dynamics 365 for Marketing. Enjoy.