There is quite a bit of excitement in the blogosphere and Salesforce communities around the upcoming Spring ’18 release. After all, it’s a big release and what’s not to be excited about? There are all sorts of improvements, features and customizations coming to your Salesforce org. However, some of the less sexy but still critical changes revolve around GDPR (General Data Protection Regulation) and what Salesforce is doing to enable compliance.
What is GDPR?
If your business is in, or has significant dealings in, the European Union, you almost certainly know about GDPR already. However, for the uninitiated (or for those for whom the 2015 GDPR announcement feels like an eternity ago and who need a refresher), GDPR is a new privacy regulation in the EU, set to take effect on May 25, 2018, aimed at giving individuals more control over how their data is collected, used and stored. Up till now, there has been no unifying law that governs data privacy in the EU.
Who Does GDPR Affect?
Any organization that processes personal data of EU individuals, including tracking their online activities, is within the scope of the GDPR law, regardless of whether the organization has a physical presence in the EU. So if you contract with any individuals or businesses in Europe, you will be legally bound to comply.
What Are the Main Points of GDPR?
- Expanded definitions of “Personal Data”
- Requires that consent for the use of personal data be “freely given, specific, informed, and unambiguous”
- Any data collected must be used for limited and specifically stated purposes
- Data must be used as minimally as possible
- Data must be accurate, kept up to date, and deleted if no longer necessary
- Everything collected must be kept safe and secure
- Organizations need a “Data Controller”, who is a designated user to maintain data and be able to demonstrate compliance with the GDPR
- Individuals have the “Right to Access” and the “Right to Erasure”, meaning that they can request to see the entirety of the data you have of theirs, and they can ask to have all of it completely erased if desired
What Do I Do to Remain Compliant?
There are quite a few steps for each company, based on their individual data practices, but the best general advice is to be extremely transparent and careful with how you collect, use and store data. The good news for Salesforce users is that the platform is working hard to make it easy for you to remain compliant.
-Ryan and the CMB Team