Configuring Siftrock for GDPR Alignment

Updated 2 years ago by Adam Schoenfeld

This guide outlines considerations for using Siftrock post-GDPR. The first section highlights ways that our tools can help you achieve your GDPR compliance goals. 

The second section provides considerations if you plan to use Siftrock to manage and mine email replies from EU residents. Please contact your CSM or for more specific recommendations.

Features to Support Your GDPR Goals

Opt-out compliance: 

Siftrock can automatically handle "manual" unsubscribe requests (i.e. the individual replies to your email asking to opt-out rather than clicking the link). This is a critical element for GDPR and all anti-spam laws globally.

Re-enrollment campaign support: 

If you are running any campaigns to drive re-enrollment or refresh opt-in consent from your existing database, Siftrock will help manage the replies. For example, you could send personalized emails asking people to reply in order to opt-in. Siftrock can then log those replies and record all information in your MAP.

Data validation & cleaning: 

GDPR principle 1(d) speaks to keeping data up to date. Siftrock helps clean your database for invalid email addresses or people who have left the company. Mining replies is one of the fastest ways to find out of date or invalid data and scrubbing that from your marketing database to avoid bounces and spam reports.

Implementing Siftrock Post-GDPR

How does GDPR change implementation best practices and considerations?

Human Reply Management, Routing, Tracking: 

For human reply management, there is no change to best practices or special consideration post-GDPR. This use case is about workflow and time savings and does not include any net new Contact Data collection.

Database Cleaning: 

For database cleaning, there is no change to best practices or special consideration post-GDPR. Since these leads are already in your marketing database, Siftrock is updating fields and invalidating records based on replies. Since Siftrock only has access to email replies, these contacts will already have received emails from your business.

New Sales Contact Mining: 

For new sales contact mining, implementation should be reviewed to aligned with Subscriber's consent policy. If Subscriber relies on consent for the lawful basis of processing Contact Data, you will configure Siftrock to exclude creating new contact records from EU-based activity because data subject consent cannot be acquired in advance. You can exclude these leads in workflows sync rules or by limiting Siftrock’s implementation to only receive replies for US-based email campaigns. Contact your CSM to review configuration options.


This is not legal advice.

How did we do?