Configuring Siftrock for GDPR Alignment

Updated 1 week ago by Katja Ritchie

This guide outlines considerations for using Siftrock within GDPR regulations. The first section highlights ways that our tools can help you achieve your GDPR compliance goals. 

The second section provides considerations if you plan to use Siftrock to manage and mine email replies from EU residents. Please contact your CSM or for more specific recommendations.

Features to Support GDPR Compliance

Opt-out compliance: 

Siftrock can automatically handle "manual" unsubscribe requests (i.e. the individual replies to your email asking to opt-out rather than clicking the link). This is a critical element for GDPR and all anti-spam laws globally.

Re-enrollment campaign support: 

If you are running any campaigns to drive re-enrollment or refresh opt-in consent from your existing database, Siftrock will help manage the replies. For example, you could send personalized emails asking people to reply in order to opt-in. Siftrock can then log those replies and record all information in your MAP.

Data validation & cleaning: 

GDPR principle 1(d) speaks to keeping data up to date. Siftrock helps clean your database for invalid email addresses or people who have left the company. Mining replies is one of the fastest ways to find out of date or invalid data and scrubbing that from your marketing database to avoid bounces and spam reports.

Implementing Siftrock Under GDPR

How does GDPR change implementation best practices and considerations?

Human Reply Management, Routing, Tracking: 

GDPR does not impact human reply management, as it does not include any net new Contact Data collection.

Database Cleaning: 

GDPR does not impact database cleaning functionality, as it does not include any net new Contact Data collection. Since Siftrock only has access to email replies, these contacts will already have received emails from your business. Additionally, Siftrock can aid in GDPR compliance by automatically opting out contacts who ask to unsubscribe from emails via a reply (rather than clicking an Unsubscribe link).

Creating New Contacts: 

For new sales contact mining, implementation should be reviewed to align with Subscriber's consent policy. If Subscriber relies on consent for the lawful basis of processing Contact Data, you should configure Siftrock to exclude creating new contact records from EU-based activity because data subject consent cannot be acquired in advance. You can exclude these leads in workflows sync rules or by limiting Siftrock’s implementation to only receive replies for US-based email campaigns. Contact your CSM to review configuration options.


This is not legal advice.

How did we do?