Skip to content

36) Privacy and Consent Management Options

Jump to bottom
Coding With The Force edited this page Apr 28, 2024 · 8 revisions

Why Care About Consent and What Info To Capture for Consent

We care about consent because we must abide by federal regulations (such as GDPR) around the world that give customers control over how their data is handled by businesses (and just because it's the right thing to do).

The information we need to capture for consent management is:

  1. The Individual (contact, lead, user etc)
  2. The Data Use Purpose (Why we need the data we are capturing)
  3. The Contact Point Type (Email, Address, Phone, etc)
  4. The Capture Source (where we captured the data)
  5. Effective From & Expiration (How long we would store that data)

Core Salesforce Privacy and Consent Management

The Consent Management Objects

  1. Individual - A way to provide a single view/golden record to link together all Contact, Person Account, Lead, User, and Employee records that represent someone in your system. The individual object is then linked to other consent mgmt objects to determine what points of contact they have approved for you to communicate with them. Its primary purpose is to store information about an individuals global consent choices (opting in to geolocation tracking, email marketing, etc)

  2. Contact Point Consent - This object represents the consent status for a variety of contact point records for an individual for each contact type. For example, a user may have 10 emails and have a different contact preference for each email. You would log all 10 email consent records here, and their consent preferences for each individual email would be stored on those records.

  3. Contact Point - This object represents the many different points of contact for an individual, for example, if a user has 20 email addresses, 3 physical addresses, and 6 phone numbers, you would represent each of these as an individual contact point record.

  4. Contact Point Type Consent - This is used to log the types of contact methods that an individual has stated its ok for your business to contact them with (ex: Email, Phone, Mail, etc).

  5. Brand - Brand allows you to distinguish a customers contact point consent decisions on a brand by brand basis.

  6. Data Use Purpose - In many cases you are legally required to disclose how you are using an individuals information. This object allows you to create records for those purposes and reuse those purposes across different contact point consent and contact point consent type records

  7. Data Use Legal Basis - This allows you to log the legal information regarding your data use purposes.

Consent Capture Managed App
There is a free Salesforce Labs Consent Management App called Consent Capture that can be found here. It will allow you to place an easy to use (and customizable), prebuilt flow to capture consent related information.

Consent API

The Salesforce Consent API gives you the ability to track consent information across all objects that relate to consent management (Lead, Contact, Person Account, User, Individual, Contact Point, Contact Point Consent, Contact point type consent, Authorization form consent) in a single call. It can also be used to find duplicate users, contacts, leads, individuals, etc to allow you to easily link all these records to a parent Individual object. You can even find information for multiple emails or records in a single call.

The Consent API cannot locate records that have the email address protected by shield platform encryption.

More information on the Consent API here: Consent API Info

Consent Event Stream

There is a special Consent Message Handler on the Salesforce Streaming API that wraps all consent objects into a single event (Lead, Contact, Person Account, User, Individual, Contact Point, Contact Point Consent, Contact point type consent, Authorization form consent).

Consent Management Overview Video

Marketing Cloud Privacy and Consent Management

Clone this wiki locally