OneTrust and Pardot: Our Experience Building Future-Proof Data Privacy and Consent

By Dustin Ver Beek

You might remember me as the “car guy” back from December. Yes, I’m back again, but this time without a car analogy (sorry), but rather with a lesson in privacy, compliance and data protection. Hey! Don’t close your browser.  I know, I know, this topic is about as dry as the gin I drink. But, hang in there I have some useful information to pass along to DRIP readers!

At Herman Miller, we use Salesforce as our CRM, Pardot as our primary B2B marketing automation platform, and Marketing Cloud for B2C and internal-facing campaigns. Utilizing multiple systems comes with challenges around data privacy, especially related to CASL, GDPR, ePrivacy and the CCPA (and about 100 others).

Global customers want the ability to opt-in, down and out of all our communications in a private manner and they want cookie management options. For us, we also mail catalogs, so our customers may want to opt-out of receiving a printed catalog.

How do we manage all these points of entries and exits processing personal data? How can we protect personal data and cover ourselves legally? Where would the “buck stop” regarding a privacy-related lawsuit? All very valid and timely questions.

Joining Forces with OneTrust

Key to rolling out our enhanced privacy program, we joined forces with an industry leader: OneTrust. OneTrust is the most widely used privacy, security and trust technology platform used by enterprises throughout the world. OneTrust will collect consent with detailed records including:

  • who, when, what they were told,
  • how they consented (a must-have for businesses operating in today’s climate),

Side note: OneTrust will also handle Data Subject Requests (DSR), Data Guidance, Assessment Automation and Third-Party Risk Management. All your data handling can be documented using the tool and you can centrally host your privacy policies in one place. No longer does this information live on multiple hard drives throughout the organization, it’s in one singular platform.

Our Solid Process Behind the OneTrust Implementation

Obviously, there is so much more involved with developing a privacy program than just implementing another system and adding it to the technology stack. Systems are fine and dandy, but without a solid business process behind them, they will ultimately fail.

Through this onboarding project, we mapped where all the personal information resides throughout Herman Miller, who can access the data and why, security protocols, and retention times of said data. Additionally, we worked to create the framework and identifying where we needed to allocate resources and add people/process.

Global Consent Vehicle – Front and Back-end

To keep this high-level for the sake of time, OneTrust becomes our global consent vehicle for the front and back-end. There’s a:

  • Back-end interface that we use to create a preference center
  • Front-end interface for the customer to use to maintain their preferences.

OneTrust keeps records of all consent dates/times and where the consent came from (namely which form). Consent gets logged in OneTrust, then is sent via an API call to our Pardot system. If there’s an update to what the customer consents to, another API call is sent/received; it’s a digital handshake from one system to another.

Granted, there’s some work to get there initially, it was all manageable—the most painful parts involved our internal constituents (I’m sure many in the corporate world can relate with that statement).

OneTrust to Pardot Integration

Integral to the technical portion of this project, was how to integrate OneTrust with our marketing platforms – namely, Salesforce/Pardot.

We have approximately 300 lead generation collection forms across our 20 global websites. In the furniture industry, lead nurturing is our bread and butter, so it was crucial that we nail this implementation with minimal/no downtime. Setting up the API calls was relatively easy using OneTrust documentation.

We utilize Adobe Experience Manager (AEM) for our content management system and Pardot form handlers for processing. Our Zen Garden form creator required a few modifications to accept the OneTrust API key, purpose and topic identification.

These ids designate where the consent originated from and posts the information received back to OneTrust upon form submission (trigger). I enter this information into AEM while building the new form after I set up the collection point in OneTrust. No more creating spreadsheets tracking individual forms and where they are located for leadership, it’s all readily available in OneTrust!

Considerations for Using OneTrust with Pardot

Some considerations if you’re implementing OneTrust with Pardot:

  • Include ALL your channels (email, SMS, apps, cookies, print, etc.)
  • Think global even when you might not be (yet).
  • Pull in a technical IT resource early, especially when you’re taking about the API. Whether you make the calls directly from Pardot or your CMS, this is helpful.
  • There can be more than one OneTrust purpose and topic per form (Example: A form has an email sign up checkbox and a contact me now checkbox – these would require two different purposes and topic ids).
  • Initially, we set our forms to handle only one purpose and each topic id could be set by checkbox—this was an oversite on my part and one that cost another few days of development time for one of our programmers. Gin moment there.
  • If you’re global, the majority of the customer-facing interface requires translations. There are some existing copy/translations but it’s not overly personable. If you use a translation service, you’ll want to engage with them sooner rather than later for turnaround.
  • Once you set up a preference center, have people outside the core team review the output. Does it make sense to an outsider? Again, put your customer hat on.
  • Add a couple of months to your timeline as developments will arise as you work through the project.

I am making myself available for questions. Please reach out to me via LinkedIn or post a comment on the post and I’ll try to help. Now with all this Coronavirus drama going on allow me to go back to my now half-full glass of gin. Cheers and stay healthy!

The Author

Dustin Ver Beek

Dustin Ver Beek is a senior Digital Marketing Strategist for Herman Miller and principal of his own digital marketing agency.


    Lakshman Charan N V
    September 11, 2020 4:12 pm
    Your article has thrown light on various aspects of integration and i am more than thankful. We are currently planning to integrate one trust and salesforce and are clueless as to how to go about. We luckily got the documentation from one trust but they speak about classes "OT_consentData.apxc" and similar one's where we do not find them anywhere. If you could help us in this regard, it would be great help. Happy Weekend. Enjoy half-full glass of gin!
    Dustin Ver Beek
    September 21, 2020 7:38 pm
    Hello! Have you tried the following help page from OneTrust?

Leave a Reply