Effectively Leveraging the New Salesforce Consent Data Model

By Rick Craig

Published on 8 Apr, 2024

Digital transformation initiatives are on the rise, and managing customer consent has become a cornerstone of ethical marketing and customer relationship management. Organizations face the challenge of not only tracking consent across various communication channels but also aligning with stringent global regulations that dictate the management of customer data. This article delves into how Salesforce’s robust privacy consent data model can simplify this process, offering scalability and a comprehensive approach to managing consent across multiple touchpoints. 

Understanding Consent Management

When talking about customer consent, at a baseline, organizations typically track global, channel-based consent. Forty percent of organizations then further refine consent to specific subscriptions (what you might see in an email preference center), which is easy to do in most communication platforms for a given channel. In more advanced cases (less than 30% of organizations), organizations might track consent across multiple points of contact for an individual and preferences for timing and frequency.
Global organizations need to go a step further and keep up with international privacy regulations like GDPR, CCPA, and CAN-SPAM, document how they will use their customers’ data (and what legal basis they have to do so), support individual-level requests like the right to forget, and keep rigorous records with dates as to when these consent updates were captured. This is an increasingly difficult task, especially when marketers use multiple technology platforms in their omnichannel strategy. Even multichannel marketing hubs may not cover every use case.

Salesforce’s Solution

That’s where Salesforce comes in with their robust privacy consent data model that comes standard. It’s architected in such a way that you can use portions of it that fit your initial use cases and scale as your organization matures. The problem most people come across when actually implementing the consent data model is understanding how each object fits together and how to translate their existing consent tracking and preferences to the new model. The model itself can be a bit overwhelming to unpack. It can basically be boiled down into “Who?” (users, contacts, leads–the actual person having their consent managed) and “What?” (communication channels, contact points, subscriptions).

Implementing the Model

A good place to start is with the basic building blocks and build outward. The “who” should be easy. If your org currently tracks preferences at a contact level, for example, you would set up an Individual record for each contact and associate them. The Individual object acts as the parent to the rest of the consent objects and is where you store global preferences like “Do Not Track”, “Do Not Market”, “Forget This Individual”, etc. These privacy flags trump everything else. The Individual object can act as a golden record to connect all instances of a person in your database to one record (bonus points if you have a CDP used for data unification).
From there you can take a top-down approach. Do your subscribers have the ability to opt out of entire channels? The Contact Point Type Consent object can handle consent for high level channels like Email, Phone, Mailing, etc.
A layer below that is Contact Point Consent. Under each Individual should be multiple contact points for every means of communicating with them like a specific email address or mailing addresses. And each of those contact points can have their own consent (Someone may have said you can email them at their personal address but opted-out of receiving content at their work email address).
Finally, there’s consent to individual subscriptions (in other words, their subscription preferences they would see and be able to manage from a preference center). This can be sliced and diced further by different brands or extended by adding an additional layer to subscription preferences that records preferred communication cadences and days of the week.
The last piece to consider is that this is just a date model. As robust as it is, any automations you have to build yourself. Consider what sorts of flows you would need to build to support your use cases from different communication platforms. For example, if someone opts out of all email communications, you may want to automatically opt-out all their email address contact points and all of their subscription preferences. You may also have scenarios where more than one individual shares a contact point, especially in the same household. In a case like this, you’d want to build flows that can query all contact points that share the same data and keep the consent preferences in sync to avoid running into compliance issues.

Privacy Consent Management

Practical Application

Let’s walk through a simple example that uses a portion of this data model to track preferences for an organization that uses SMS and email from communications. Let’s say you’re a bespoke pet toy retailer (Whisker & Wonders Workshop) and you are looking to expand how you communicate with your customers going forward. Right now, you send out email comms but don’t have any specific types of newsletters, just the occasional product or event promotion. You decide to use the Salesforce consent data model to expand to supporting SMS as a channel, but you also want to stay compliant as you start to market internationally, and you’d like a model that can allow you to add additional subscription preferences over time (maybe even with support for transactional messaging through ecommerce). You plan out and build your model and now it’s time to migrate your subscribers from your existing one dimensional consent model to the new multi-dimensional model with channels and subscriptions.
“Eli Smith” is opted into your emails, so he has a Contact record and an Individual record that indicates it’s okay to market to him. He also has a contact point type consent indicating it’s okay to email him (thanks to your planning, the consent record is able to be tied to a data use purpose record indicating this permission is specifically for the purposes of marketing and is allowed because of a consensual legal basis) . Furthermore, he has a contact point for his email and phone number he provided and he’s indicated consent specifically for his work email to be used for communications.
Since implementing the consent data model, you’ve added a subscription for promotions. Now, you’re able to send out a new welcome email highlighting the new experiences available and encouraging Eli to additionally opt into SMS and consent to the promotions subscription. Eli decides to opt-in to SMS for promotions (and that same day gets text allowing him to confirm so that Salesforce can track the double opt-in requirement) and out of email for promotions (although will still allow his email to be used for marketing purposes other than promotional emails). Now he has a contact point consent and subscription consent for SMS that tracks when he gave that consent.
Whisker & Wonders Workshop is now perfectly positioned to expand to offer subscription cadences and additional subscription types. Who knows, you might expand to acquire additional companies or start doing physical mail outreach. Nothing needs to be “ripped and replaced”, you can simply expand the model to support these additional layers, and customers like Eli can start finding new ways to interact with your brand.


In Conclusion

In short, the journey to effective customer consent management is both a strategic necessity and a complex challenge that requires a dynamic approach, especially for global organizations navigating the intricacies of customer data preferences and legal requirements. Salesforce’s privacy consent data model serves as a powerful tool in this journey, offering a flexible and scalable solution to meet an organization’s evolving needs.

Organizations looking to embark on or refine their consent management journey should take this insight as a starting point and recognize the value it brings in fostering trust and loyalty with their customers. Any organizations struggling with the transition from a traditional, flat consent model to utilizing Salesforce as a source of truth should work with a partner that has experience navigating this journey to ensure it gets done right and scales properly.

Written By Rick Craig

Rick Craig is a Salesforce Architect who has worked in the Salesforce ecosystem for the last 11 years. Prior to joining Shift Paradigm as a Senior Consultant, Rick lead the development of the Marketing Ops tech stack for a global manufacturing company.
Email Icon