Your Pardot GDPR Questions Cleared-up: the Best Crowdsourced Answers

Share this article...

Although marketers are not the only ones that are affected by GDPR, we are finding ourselves in the spotlight when it comes preparing for the new regulation. For countless of organisations, this has required long reviews of data capture, storage and processing processes, and even re-engineering some in order to be compliant going forward.

Your marketing automation tool is at the very core of this, and we will rely on these more than ever as data obligations are added to our responsibilities.

This breeds many questions as we work to make our chosen tool, Pardot, water-tight. This post compiles some of the best crowdsourced answers to questions posted on the Pardot Community group in the run-up to GDPR. I have found this shared knowledge extremely useful, and therefore, I wanted to compile it in order to help clear up other Pardot users’ common concerns.

I want to thank everyone for their contributions to the * Pardot B2B Marketing Automation * group. If you want to share your appreciation, each screenshot links back to the post for you to press ‘like’ on the original comment!

Permanently (hard delete) Prospect Data?

(definitely the most common asked about topic…)

Is there a way to permanently delete prospects in Pardot’s recycling bin? From what I’ve seen here it looks like there is not a way to permanently delete prospects from the recycling bin but this is in violation of GDPR. Is this a feature Pardot is rolling out in the coming weeks?

I’ve written a rundown on deleting prospects in Pardot in light of the new ‘Right to be Forgotten’ GDPR data request that should hopefully answer questions!


Prospect can request data deletion when unsubscribing?

On the unsubscribe page is it possible to add an option for the prospect to indicate that they would want their information deleted? I would like to add this option to ensure we are GDPR compliant?

  • You can modify the Preferences Page(s) (Mike Creuzer)
  • You could embed a form in the Opening Content section of the Unsubscribe page. (Jon Svensson)
  • We do this on the Preferences Page to give Prospects frequency and product-of-interest options if they are subscribed to certain lists. (Jon Svensson)


Clean/verify data before Permission Pass?

Is there a way I can scrub my Salesforce list to remove any old emails that would bounce before sending a GDPR privacy update email? I do not want to be dinged by sending to undeliverable emails.

There are many 3rd party providers for this kind of service. I personally use Neverbounce, but others that are often recommended are: Briteverify, Kickbox, DataValidation, Data8, Experian.

Look out for a future blog post on The DRIP about recommended email verification services for Pardot users!


Building a Double Opt-in Process 

Has anyone created a double opt-in process using Pardot as part of GDPR? …just to give a few more details, when a user completes a form and select “Yes” to receive marketing emails from our company, we need to send a confirmation email that the user will have to click to confirm their subscription. If they select “No” on the form, no email should be triggered.

There are a number of resources in the comment thread of this question and in the files section of the community group that are beneficial, and here is a simple framework I use for double opt-in for Pardot.

Reduce delays in updating Prospect preferences data?

Can anyone help remove the delay for updating data using engagement studio or dynamic lists. We’ve built an engagement flow to cover if a user selects to receive newsletters and send an e-mail confirmation to comply with GDPR. Upon testing this confirmation e-mail can take up to 4minutes to arrive. I don’t want to use static lists but can’t find any advice.

  • Is your subscription flow that you’ve built here based on public lists, custom checkbox fields, or both? And how many custom fields are in the Pardot account? These can be things that would slow down what you’re describing. (Lucy Mazalon)


How to implement a “do not track” request?

I’m wondering how we’d implement a “do not track” request. That is, not prospect removal, but just turning off tracking, *including* tracked link clicks and everything beyond just browser DNT?

  • You do have the ability to not track a link in an email. Inside the link properties, make the Link type URL, Protocol <other>, and the link non-http/https (just the url). This will remove all tracking for the email as well as keeping links non-coded. This still isn’t going to exclude opens, but it is a start. (Jared Whitley)




Do not Track for multiple website cookies?

I am wondering how others are handling the GDPR compliance task of cookie notifications on their websites. I see that Pardot has a cookie notification you can enable on your synced website, however, it would only disable cookies for Pardot if a user says “no” to cookies. Websites use other cookies for tracking (i.e., login, analytics, etc.). All cookies would need to be disabled if a user opts out of cookies. Our sites are built on WordPress and when we try to use a cookie plug-in it seems to not have the ability to shut of Pardot’s cookie tracking. Has anyone found a good solution? 

  • We just tell people cookies are used and how to turn it off in the browser if they wish. Pardot respects not tracking cookies it never gets to set. (Mike Creuzer)

Where is data held Geographically?

We are wondering where Pardot data is held geographically – can anyone point me in the right direction?

  • Find documentation here. “Currently, the infrastructure hosted by Salesforce in the provisioning of the Pardot Services is located in the United States.”
  • Live production infrastructure resides in the Salesforce data centers near Phoenix, Arizona and Dallas-Ft. Worth, Texas. Our offsite backups are stored encrypted at rest in Amazon Web Services’ Simple Storage Service (S3) in North Virigina (us-east-1 region).
  • No customer data is currently stored outside of the USA.

Gaining consent for Custom Redirect tracking (before clicking)?

How will Pardot handle #GDPR affirmative consent requirements in the context of custom redirects and email tracking links where no interface is shown in which to give consent before the Prospect is cookied and taken to the appropriate destination?

…good question! I’m going to be checking up on this one for sure!

3 thoughts on “Your Pardot GDPR Questions Cleared-up: the Best Crowdsourced Answers

    1. Hi, very good question…the way most companies do it is cover it in their cookie policy – at the end of the day, a prospect can disable the Pardot tracking by clearing their browser cookies. Still… not a perfect solution. Maybe by posting on the “ Pardot B2B Marketing * group on the Trailblazer community, someone will have a neat solution. Sorry I couldn’t help more!

  1. Hi! Any update on the custom redirect and cookies? I know you mentioned cookie policy in the reply above, but I have yet to find an example of this.

Add Comment