The Right to be forgotten has taken the world by storm and European Parliament General Data Protection Regulation (GDPR) guidelines have marketers anxious and worried for months. GDPR has forced organizations to rethink customer data and privacy with a ‘Privacy by Design’ approach. This means consent from customers is required to hold their data.

 

Apart from posing as a burden for marketing and data professionals, GDPR also means a huge change in internal processes. Salesforce’s Spring ‘18 Release solved this to a large extent, containing essential components for data protection and privacy.

Managing Consent

GDPR brings the onus of responsibility towards ensuring that corporations have the right approval from there users on how to leverage the data that they have collected. Salesforce has configured privacy settings across the various roles in an organization, customers can leverage an amalgamation of Standard Objects and its settings, Custom Objects, and combine their own business workflows to configure their compliance requirements.

The ‘Individual’ object

A new standard object called ‘Individual’ was released in Spring ’18 Salesforce. It essentially registers a person’s data preferences – how they wish their data to be stored, used, and shared. ‘Individual’ records have a lookup relationship to a Lead, Person Account, Contact, and custom object, carrying extra contextual information. The User object can also be linked via Apex which means that an individual with any Lead, Contact, Person Account can relate all of them to a single Individual record.

The Individual object can hold a higher level of consent data. In the future, Salesforce is expected to launch Consent objects to control the type of consent, date of obtaining and expiry, as required by GDPR. Until they become available you can create these as custom objects.

The ‘Individual’ object can be enabled from Setup. It can be found under ‘Data Protection and Privacy. On clicking edit, you can check the box ‘make data protection details available in records’. On adding the ‘Individual’ field to the Lead and Contact page layouts, you can associate a Contact/Lead to their relevant ‘Individual’ record via lookup.

Out-of-the-box records are basic but functional. These are the fields ready for use, not necessary for you to create.

 

Checkboxes:

 

  • Don’t Market, Don’t Process, Don’t Profile, Don’t Track
  • Block Geolocation Tracking
  • Export Individual’s Data
  • Ok to Store Personally Identifiable Information Data Elsewhere, also known as data transfer
  • Forget this Individual

Change Tracking:

  • Created by/Date
  • Modified by/Date

Creating Individual records

Instead of using Apex to create Individual records one by one, take a segmented approach. Start with records with the strongest consent.

 

  1. Create an Individual record related to every Contact that has a contract with the organization. Add the Privacy Permission record with a Privacy Source of “contract” to validate your contractual agreement to process data at the time an individual is a customer.
  2. Look at all Contact with open Opportunities. Before creating a new Individual record, check if it already exists and connects it to the Contact. Add the Privacy Permission record with a Privacy Source of “Legitimate Interest” to validate an individual is an engaged customer and can have a shared legitimate interest in your organization.
  3. Look at Contacts connected to campaigns and determine how long back the campaigns were held and if the person actually consented to you holding their data. If you have a record of them opting in, this consent may still be valid but still check with the legal team.
  4. Look at your Lead data and assess if you evidence of the individual actually consenting to you holding their data.

Enabling compliance

Storing customer information is important to enabling efficiencies and control to data processing. The Individual object can be used as the basis of workflows such as data deletion for data that has been kept for longer than is necessary. Salesforce users can leverage standard reporting to categorize and filter records before executing mass actions, such as sharing with third parties. Using Salesforce reports for campaign segmentation means one can be sure of excluding anyone who has opted out of marketing communications and who do not wish to be profiled.

 

A ‘Privacy by Design’ approach in Salesforce is sure to reap long-term benefits using the Individual object and adding custom consent objects. Using the Individual object as the basis of privacy data is important. If you want your organization to be GDPR-compliant, it is important to track consent data in custom objects.

Portability

In a GDPR regime corporations are required to share an individual’s personal data in an easy to understand format that they have acquired about a consumer. Salesforce enables corporations to export data in several of these formats, including CSV, XLS, JSON, and XML.

Data Security

Security is one of the key principles of the GDPR and measures are required to protect personal data. Some of the measures include user authentication and access controls. Corporations leveraging the Salesforce platform can rest assured about cloud security and can deploy access controls and other measures to secure their Data.

Wrapping Up

There are various solutions out there that enable corporations to become GDPR compliant, but if a corporation is looking at securing and complying with the regulations set forth by GDPR Salesforce can be one of the easiest solutions to implement.

Share This Blog
Related Articles
Step by Step Guide to Configure Email to Salesforce

In this detailed guide, we will walk you through the significant yet easy steps to configure Email to Salesforce. Without any further ado, let’s get started! About Email to Salesforce As the term refers, Email to Salesforce is valuable for any organization that businesses use as their Customer Relationship Management (CRM) platform. It helps streamline […]

Read More
Guide on CRUD Operations in Node.js with jsForce
Step-by-Step Guide: How to Perform Salesforce CRUD Operations and Simplify Workflows with jsForce and Composite API

CRM developers typically need to integrate Salesforce with Node.js apps. One well-known library for this purpose is jsForce, which provides a comprehensive set of tools for interacting with Salesforce data and performing CRUD tasks effectively. Let’s dive into the blog, where you will understand the use of jsForce to execute key CRUD tasks within Salesforce, […]

Read More
How to Implement Round Robin Assignments in Salesforce Using Apex
How to Implement Round Robin Assignments in Salesforce Using Apex

Ensuring a proper workload balance and quick follow-ups from internal or external team members, leads, opportunities, or task distributions is crucial. To achieve this, all you need is a Round Robin assignment. In this step-by-step guide, we will walk you through the process of implementing a round-robin assignment in Salesforce using Apex. Here, we’ve used […]

Read More
Best Salesforce Developments Services Provider
Understanding Large Data Volumes (LDV) in Salesforce

In this step-by-step guide, we will walk you through the significant role of Large Data Volumes in Salesforce, and what strategies or practices you should keep in mind. What is Large Data Volumes? In Salesforce, Large Data Volumes (LDV) refers to managing a huge amount of records available in the platform. LDV usually comes into […]

Read More
Mastering Pattern and Matcher Classes in Salesforce Apex for Advanced Text Processing

Salesforce Apex includes numerous built-in text handling classes, and in addition to them, the Pattern and Matcher classes are good for performing complex string operations. These classes enable us to define and work with regular expressions, which are of particular importance for data validation, searching, and modification. In this technical blog, we will find out […]

Read More
Effortlessly Manage User Access: Setting Expiration Dates for Permission Sets in Salesforce

Maintaining security and compliance in Salesforce requires effective user access management. This article will lead you through the process of creating expiration dates for Permission Sets and Permission Set Groups, allowing you to automate access removal while minimizing manual work. Know how this functionality simplifies workflows, guarantees compliance, and improves security procedures. Why Use Expiration […]

Read More
Our Location worldwide
Indian Flag India
3rd Floor, A-10, Pegasus Tower, Sector 68, Noida, Uttar Pradesh 201301 +91-1203117884
United States of America Flag USA
333 West Brown Deer Road Unit G – 366 Milwaukee WI, USA 53217 +1(262) 310-7818
United Kingdom Flag UK
7 Bell Yard, London, WC2A 2JR +44 20 3239 9428
Canada Canada
HIC Global Solutions INC
43 Lafferty Lane, Richmond Hill, L4C 3N8, CA +1(262) 310-7818