Microsoft Dynamics 365 Marketing and GDPR

Published December 14 2020

Data Protection and GDPR

It's helpful to know that unless you have zero European contacts in your database, GDPR applies to you. The General Data Protection Regulation (GDPR) is a European Union (EU) directive that imposes new rules on companies, government agencies, non-profits, and other organizations that offer goods and services to people in the EU, or that collect and analyze data tied to EU residents.1

Out-of-box GDPR Feature Within Dynamics 365 Marketing

This article shows you how to enable the out-of-box GDPR feature that comes with Dynamics 365 Marketing. It also shows what enabling that feature means for standard marketing processes. Please keep in mind that this article is not intended to show how to support data requests from your marketing audience or how to demonstrate GDPR compliance. Both of these are unique to each and every company.

How to Enable GDPR for D365 Marketing 

1. To enable GDPR for D365 Marketing, navigate to Marketing > Settings > Data Protection Tools.
On the Active GDPR configurations page, click New from the command bar.
Give the new GDPR configuration a Name such as "Default GDPR Settings".

a. Note that Respect Consent will default to No. You can change this setting only after you save the configuration. Turning on Respect Consent will enable GDPR features throughout the Marketing app (recommended). For example, you can use Consent Level to filter a segment, send a customer journey, or score a lead.
b. Log Consent changes will default to Off. Flip the toggle to create a log file of all GDPR consent changes, which is helpful to demonstrate compliance.
c. Click Save.

[Screenshot: My GDPR Configuration screen]

2. In addition to enabling GDPR, to fully comply with rules and regulations, you should also configure double opt-in for forms. You can set this up individually for each marketing form, or you can enable the Global Double Opt-in by navigating to Marketing > Settings > Default Marketing Settings. Once you pick your marketing settings, click on the Global level double opt-in tab and change Enable Double Opt-In from No to Yes. When you enable this feature, you MUST add confirmation request messages and thank-you pages, created using Marketing Emails and Marketing Pages respectively.

[Screenshot: Default Marketing Settings]

3. Next, you should update your subscription form to contain the consent level field.

4. As long as Respect Consent = Yes, you can now use consent level to:

a. Filter segments
b. Set the minimum consent level required for a customer journey.
c. Set the minimum consent level required for lead scoring.

5. Note that after GDPR is enabled, the Contact entity will have the following new fields:

[Screenshot: Data protection fields on the Contact entity]

  • Consent given: Read or set the maximum consent level granted by this contact. This contact will only be able to participate in marketing initiatives permitted for this consent level or lower. You should only change this setting after receiving explicit consent from this contact. Usually, you should allow contacts to change this themselves using a subscription center.

Consent given has 5 options out of the box, but these can be customized. The out-of-box options are:

[Screenshot: the 5 out-of-box options for Consent given]

  • Is a child: Mark this box to indicate that this contact is a minor (usually, under 18 years old), and therefore requires extra protection.

  • Parent or custodian: If the contact is a child, then select their legal parent or custodian (guardian) in this lookup field. The parent or custodian must also be saved as a contact in your database.

  • Tracking: Choose whether to track contact interactions. If the box is set to Do Not Allow, Marketing will not track public interactions (email opening, email clicks). The tracking option allows contacts to specify whether they consent to having their interaction data saved. You can set this field either by adding it to client consent forms or by updating the contact data directly.

Learn more about the GDPR

Here are some resources where you can learn more about how to bring your Dynamics 365 systems into compliance with the GDPR:

  • Microsoft Dynamics 365 and GDPR. This webpage includes links to resources, white papers, blogs, and other information related to various Dynamics 365 applications and the GDPR.
  • Supporting Your EU GDPR Compliance Journey with Dynamics 365 Marketing. This white paper (downloadable PDF) will help you build a basic understanding of the GDPR and relate that to Dynamics 365 Marketing.
  • Data Protection Resources. This webpage includes links to compliance guides, white papers, FAQs, security reports, penetration tests, risk assessment tools, and other resources that apply to a wide range of Microsoft products.
  • Microsoft Trust Center. This webpage includes links to information about how new features in Microsoft 365 help you secure personal data and meet strict GDPR privacy requirements.
  • Microsoft Compliance Manager. This webpage includes links to information about control management, integrated task assignment, evidence collection, and audit-ready reporting tools to streamline your compliance workflow.

Helpful Links & Resources:


Microsoft Dynamics 365 Marketing Overview_Webinar_Customer Journey UI, GDPR support, Dynamics 365 Customer Voice (integration), Power BI and Customer Insights integration