At Salesforce, we see the GDPR as a tremendous opportunity for marketers to deliver greater value and a deeper, more trusted relationship with customers and partners. To navigate the GDPR and to continue to blaze a trail in marketing, you need to balance customer-centricity, governance, and compliance. Pardot allows marketers to face the GDPR with confidence, and to use the GDPR as a catalyst for customer-centricity.
You may need to delete customer data in order to comply with data protection and privacy regulations. Pardot offers a rich set of features to help you meet your obligations under the GDPR. Salesforce allows customers to delete personal data at both an organizational level and an individual level. To delete a prospect from Pardot, put the prospect in the Recycle Bin; an admin can then Permanently Delete that prospect using the admin tools for the Recycle Bin.
Pardot customers may use the CSV export and/or Pardot API.
Pardot includes unsubscribe functionality and an email preference center to keep track of your customers’ communication preferences. Administrators will be able to enable a setting that prevents emailing individuals who have opted out of receiving emails and a setting that disables tracking on the "Engage for Gmail" extension. Web Tracking will continue to use tracking opt-in preferences.
Simply archive to Recycle Bin to restrict processing in Pardot. If the restriction is lifted at a later date, the data can be re-imported.
Salesforce offers customers a robust data processing addendum containing strong privacy commitments that few software companies can match. This addendum contains data transfer frameworks ensuring that our customers can lawfully transfer personal data to Salesforce outside of the European Economic Area by relying on either Binding Corporate Rules for Processors, our Privacy Shield certification, or the Standard Contractual Clauses (depending on the service in question). This addendum also contains specific provisions to assist customers in their compliance with the GDPR.
Pardot provides our customers with a secure solution in accordance with our Trust and Compliance documentation.

We are committed to our customers’ success, including compliance with the GDPR.

- Raise awareness of the importance of GDPR compliance with organization leaders
- Obtain executive support for necessary staff resources and financial investments
- Choose someone to lead the effort in becoming GDPR-compliant
- Build a steering committee of key functional leaders
- Identify privacy champions throughout the organization
- Review existing privacy and security efforts to identify strengths and weaknesses
- Identify all the systems where the organization stores personal data, and create a data inventory
- Create a register of data processing activities and carry out a privacy impact assessment for each high-risk activity
- Document compliance
- Ensure privacy notices are present wherever personal data is collected
- Implement controls to limit the organization’s use of data to the purposes for which it collected the data
- Establish mechanisms to manage data subject consent preferences
- Implement appropriate administrative, physical, and technological security measures and processes to detect and respond to security breaches
- Establish procedures for responding to data subject requests for access, rectification, objection, restriction, portability, and deletion (right to be forgotten)
- Enter into contracts with affiliates and vendors that collect or receive personal data
- Establish a privacy impact assessment process
- Administer employee and vendor privacy and security awareness training
- Compile copies of privacy notices and consent forms, the data inventory and register of data processing activities, written policies and procedures, training materials, intra-company data transfer agreements, and vendor contracts
- If required, appoint a data protection officer and identify the appropriate EU supervisory authority
- Conduct periodic risk assessments