Trust, transparency, and choice: Marketo’s tech-centric approach to privacy with OneTrust

Coworkers walking in discussion in office hallway

Marketo is a global leader in digital marketing automation with a suite of products and solutions to help customers better understand and measure their marketing efforts, getting the best results. Founded by marketers, for marketers, Marketo is a trusted tool used by thousands of CMOs across the globe.

As a digital marketing automation company, Marketo’s business inherently manages and processes large amounts of personal data. Marketo didn’t see EU’s General Data Protection Regulation (GDPR) as a hinderance to its business, but as an opportunity to demonstrate to its customers, and the data subjects to whom they market (recipients), that data protection is a Marketo core value.

“We were receptive to the GDPR and the accompanying privacy controls and rules that came into effect because it promotes trust, transparency and choice,” said Matthew Fischer, Associate General Counsel and Chief Privacy Officer, Marketo. “At the end of the day, that’s what is important in building relationships between companies that are marketing and the recipients of their content.”

As a processor and sub-processor of personal data, Marketo leveraged the GDPR as an opportunity to showcase how marketing automation plus privacy can be a powerful, effective and trustworthy combination.

"With OneTrust as our privacy management software tool, we are well equipped to demonstrate our compliance to regulators. OneTrust is a value proposition for our privacy program and we don’t hesitate to explain its benefits when discussing our privacy program with our customers and prospects, since privacy is key for marketers."


Jack Yusko, Privacy Compliance Analyst

Using privacy to build trust among customers and recipients

Privacy is pivotal to Marketo because it goes hand-in-hand with the integrated services it provides to customers. As privacy breaches dominate news headlines, and people become more aware of the amount of data about them that companies process, more consumers are adopting the European view of privacy as a fundamental human right, explained Marketo’s Privacy Compliance Analyst, Jack Yusko.

“Privacy is something that can be used not only as a positive for the business, but a way to engage people in the way they want to be engaged,” he said. “Greater information and user control can lead to higher quality conversations and more meaningful interactions.”

To prepare for the GDPR, Fischer and the Marketo privacy team started with a readiness assessment to better understand the scope of their processes and the necessary steps to achieve compliance with the regulation. It quickly became clear that a flexible and robust tool would be needed to fulfill certain key GDPR mandates, such as accountability, and to institutionalize privacy across the organization.

“That’s what started our search for a GDPR automated solution,” Fischer said. Marketo’s privacy team sought to ensure that the technology the company selected fit Marketo’s specific technology and legal requirements.

Partnering with OneTrust to automate readiness, data mapping, and more

In assessing the technology needs for its privacy program, Marketo was looking for a comprehensive data inventory solution that could also help ensure a detailed understanding of data flow processes within the organization. After extensive research, Marketo chose OneTrust to help automate and operationalize components of its privacy program.

“The data inventory module sold us on OneTrust,” said Yusko. He also leverages the readiness assessment module to track progress and stay on task across the various Marketo business areas, as well as assessment automation for PIAs/DPIAs. Yusko says OneTrust makes it easy for him to get these assessments to his business users and document their responses.

“We can continually customize and A/B test to improve our questionnaires based on what’s working, and we can introduce conditional logic to trigger additional questionnaires that might be needed for controllers versus processors,” he said.

Since Marketo is an organization with a large number of different teams, products and applications, the privacy team found it helpful that it could use OneTrust to start documenting a single processing activity, and have the flexibility to easily recategorize and adjust the questionnaires based on the way processes operated within Marketo. Using OneTrust, the privacy team was able to follow a “methodical process” in asking questions to dig deep, rather than get a high-level overview.

“OneTrust has helped our organization with the GDPR’s Article 30 records of processing requirement and to capture an accurate picture of our organization as a whole from the perspective of privacy,” Yusko said.

New global privacy regulations, same flexible OneTrust solution

Through GDPR preparation, Marketo was able to develop and document a more holistic view of its internal processing activities to prepare for the new privacy regulatory landscape on the horizon. Marketo’s privacy team is closely watching new privacy regulations that will likely impact Marketo and its customers, including the ePrivacy Regulation and California Consumer Privacy Act.  Marketo is confident in its ability to leverage OneTrust’s functionality and flexibility to address these new global privacy regulations.

“That’s why we have confidence in OneTrust and why we chose it,” said Fischer. “We fully expect we will have to further customize modules, applications and templates to adjust to these new requirements, and OneTrust can help us with this process.”

Marketo is using the OneTrust Cookie Consent banner to give website visitors control and choice over the categories of cookies that are stored on their devices. Yusko says the OneTrust banner is an intuitive, straightforward way to give users choice over their tracking preferences and can be easily tailored based on new guidance and regulations that may come out of ePrivacy. Overall, he’s been impressed with the ongoing additions to OneTrust’s template gallery to address new guidance issued by supervisory authorities and new regulations.

“With OneTrust as our privacy management software tool, we are well equipped to demonstrate our compliance to regulators. OneTrust is a value proposition for our privacy program and we don’t hesitate to explain its benefits when discussing our privacy program with our customers and prospects, since privacy is key for marketers,” Yusko concluded.


You may also like


Responsible AI

Unpacking the EU AI Act

Prepare your business for EU AI Act and other AI regulations with this expert webinar. We explore the Act's key points and requirements, building an AI compliance program, and staying ahead of the rapidly changing AI regulatory landscape.

July 12, 2023

Learn more


Consent & Preferences

Live demo: How to automate consent and preference management with OneTrust

In this webinar, we demonstrate how OneTrust Consent and Preferences helps build stronger customer relationships by providing transparency, giving users control over their data use, and delivering personalized experiences.

June 29, 2023

Learn more


Privacy Management

Unpacking the EU-US DPF

In this webinar, we cover the new EU-US Data Privacy Framework (EU-US DPF) and what privacy program managers need to know for post-Schrems II data transfers.

June 28, 2023

Learn more