GDPR & Salesforce - What You Need to Know

May 03, 2018

On May 25, 2018, a new data protection privacy law called the General Data Protection Regulation (GDPR) will take effect in the European Union (EU).

What Exactly is GDPR?

The General Data Protection Regulation (GDPR) is an EU regulation law on data protection and privacy for all individuals within the European Union. The new GDPR regulates the “processing,” which includes the collection, storage, transfer or use, of personal data about EU individuals.

What Does This Mean to You as a Salesforce User?

Salesforce is in full compliance with the GDPR and offers stringent security protections. But there are a few things to take into consideration:

  • Your Salesforce CRM will require a custom data privacy permission object connected to the Lead/Contact/User Account in order to meet GDPR guidelines.
  • Back Your Data with a Consistent Data Mapping/Inventory Process.
  • Respond Quickly to Subject Access Requests (SARs)

A few key changes from the General Data Protection Regulation:

  • Expanded rights for EU individuals: The GDPR provides expanded rights for EU individuals such as deletion, restriction, and portability of personal data.
  • Compliance obligations: The GDPR requires organizations to implement appropriate policies and security protocols, conduct privacy impact assessments, keep detailed records of data activities and enter into written agreements with vendors.
  • Data breach notification and security: The GDPR requires organizations to report certain data breaches to data protection authorities, and under certain circumstances, to the affected data subjects. The GDPR also places additional security requirements on organizations.
  • New requirements for profiling and monitoring: The GDPR places additional obligations on organizations engaged in profiling or monitoring behavior of EU individuals.
  • Binding Corporate Rules (BCRs): The GDPR officially recognizes BCRs (which Salesforce offers for certain of its services) as a means for organizations to legalize transfers of personal data outside the EU.
  • Enforcement: Under the GDPR, authorities can fine organizations up to the greater of €20 million or 4% of a company’s annual global revenue, based on the seriousness of the breach and damages incurred.
  • One stop shop: The GDPR provides a central point of enforcement for organizations with operations in multiple EU member states by requiring companies to work with a lead supervisory authority for cross-border data protection issues.

Make sure your organization is updated on all the GDPR guidelines.

You can read all about the Salesforce GDPR for further information here.

There is even a European Union Privacy Law Basics Trailhead you can complete to get a better understanding of how the new data protection law works.