GDPR for Salesforce®: The Top 4 Compliance Pains

Capstorm - Salesforce Disaster Recovery Experts since 2011

www.capstorm.com

How do you comply with GDPR requirements given the hierarchical data structure that comes with using Salesforce®? Capstorm spoke with many customers and consulting partners to understand the top pain points for GDPR compliance. All are actively using Salesforce®, with business sizes ranging from 1,500 to 100,000+ users.

1) Finding Data
Finding and replacing specific data within Salesforce® is a daunting task when considering possible locations for a single item. For example, a single address may be found within a contact record, multiple attachments, history tables, quotes, contracts, converted leads, etc.

2) Removing Without Losing
Complying with the “right to be forgotten” does not mean losing all data history! Consider medical records: if a patient moves to another practice, it may be necessary to “forget” the patient’s personal details; however, it can be valuable to retain the anonymized medical history. Instead of record deletion, use obfuscation. Replace all instances of a given name with generic information such as “patient456” to maintain record hierarchy and compliance.

3) Verifying Compliance
The stringency with which GDPR audits will be completed is yet to be seen. However, with the ability to fine €20 million or 4% of a company’s annual global revenue, it is prudent to assume that enforcement will be strict. Consider the value of having exportable audit reports detailing obfuscation of personal and sensitive data in order to easily demonstrate compliance.

4) Access Control
Salesforce® provides excellent ways to control data access, such as permission sets, record types, and roles. What must also be considered are any third-party providers that may have access to the data. Access control is tricky once the data leaves a company's firewall.

Capstorm’s solution, CopyStorm/Search, meets these needs with a few simple steps:

  • Salesforce® data is brought into an on-premises database via the Salesforce® APIs.
  • Data and metadata can then be searched using CopyStorm/Search for key terms, such as an email address, with options for a wildcard search. CopyStorm/Search does not touch a production Salesforce® instance, uses no API calls, and is fast, with hundreds of millions of records searched per hour.
  • Record search results can be exported with a click.
  • Replace selected data within Salesforce® by entering a value and selecting which records to update. Print an audit log to show that records have been obfuscated.
  • Demonstrate compliance by proving that due diligence has been performed to remove personal data!

Visit Capstorm for additional information and view additional resources regarding GDPR. Technical information regarding Capstorm's GDPR solution can be found on learn.capstorm.com.

Contact Author

Rebecca
Capstorm
+1 314-403-2143

Drew
Capstorm
314-403-2143
Capstorm, LLC