GDPR and Privacy: "anonymize person" flow step

As part of the GDPR, we need to get consent from people in order to be able to keep their data. If someone registers to download a white paper but does not opt-in, we are supposed to delete any reference to the person. This means deleting it or anonymize it.

One very big issue with this is that when we delete the person, it is automatically deleted from all reporting.

The work around this is to anonymize the person, since it is accepted that we keep anonymous information in our systems. We can easily replace the first name, last name or email address in the database with "John Doe" or "Anonymous Person". But there are some information that cannot be manipulated from a smart campaign:

• Cookie IDs attached to the person
• Inferred and system data such as the IP address
• Data value changes in the activity logs
• Fills out form in the activity logs

Furthermore, relying on users to run data value changes is error prone.

It would be very helpful if a new "anonymize Person" flow step was created.

In the field management, we would be able to define which fields should be anonymized, and what would be the anonymous value for each of them (for instance, we would define that the anonymous value for first name would be "Anonymous" and for last name it would be "Person", and NULL for the email address).

Then, when running the "Anonymize person" flow step, Marketo would automatically replace all the fields set in the admin with their anonymous value, cleanse the system fields that could be considered as personal Ids and also cleanse all the DVC activities (either deleting them or replacing all values with their anonymous counterpart).

-Greg