Is Your Salesforce Organisation Planning For GDPR?
GDPR stands for ‘General Data Protection Regulation’, and on 25th May 2018 the regulatory framework which houses all the UK data protection laws will undergo a substantial overhaul. Data protection regulation was first introduced in 1990 and it’s safe to say that, with the emergence of the internet and modern CRM technologies, the way companies use and stockpile personal data has changed dramatically – and so should the rules which we are governed by. In this article, we will explore what’s changing from a regulatory standpoint and look at how companies who use Salesforce can plan for GDPR.
How Is The Data Protection Rulebook Changing?
Fears and expectations of being GDPR compliant by 25th May 2018 have now reached fever pitch and companies are wildly trying to put new processes and plans in place. In total, the new regulation will hold 99 separate articles which outline the new rights of individuals and the new obligations of businesses to protect those individuals. The UK Government and the European Union have created a wealth of free information which helps businesses prepare for GDPR and potentially the most straightforward resource to review is ICO’s 12 Steps To Take Now. The main purpose of GDPR is to standardise the way firms hold and manage data, resulting in greater accountability and raising the minimum requirements which companies have to adhere to.
Some of the more notable changes are:
- Individuals have the right to be informed of changes to their personal data AND the right to have access to that data or delete that data
- Companies will have less time to reply to data requests (30 days as opposed to 40) AND companies cannot charge individuals for processing or handling time
- Individuals shouldn’t be subjected to automated decision-making programs & should receive a greater level of control
- Consent to record data is becoming much more transparent. Individuals need to clearly say it is OK for firms to store their personal data rather than ‘automated opt-in’ acceptance – which some customers are unaware of
- Stronger processes need to be put in place to combat future data breaches and all breaches need to be submitted to the Information Commissioner’s Office for review
- There will need to be more regular reviews of the data organisations hold and Privacy Impact Assessments (PIA) will become regular practice
How Will GDPR Affect Salesforce Data?
Salesforce is not immune to GDPR and companies who use Salesforce will likely have to make changes to become GDPR compliant in the future. There are various Salesforce software products available to purchase (Pardot, Sales Cloud, Marketing Cloud), all of which store data in some form. Therefore, companies need to ensure that when making changes to become GDPR compliant these changes are reflected across the full mix of Salesforce integrations. The great thing about Salesforce is that the platform is taking GDPR extremely seriously and the company is going to extra lengths to make GDPR compliance a seamless process for many firms. Salesforce will keep on adding new functionality to make GDPR a breeze, but it’s the companies who operate the platform who will essentially be held accountable and need to understand intimately how the platform works. Here’s how your Salesforce organisation can plan for GDPR:
Data Portability – Salesforce are making it super easy to honour customers’ requests to see what data is being held. Encrypted data can be directly exported from Salesforce in Excel, CSV and XML formats and companies can now enable an API to do this rather than relying on an individual user manually exporting the data through the interface.
Consent Controls – Salesforce now has greater ‘out of the box’ controls for helping firms become GDPR compliant. Rather than just ‘opt in’ or ‘opt out’, users have much more choice: they can now select many different options such as ‘do not call’ and ‘fax opt out’ etc. Giving individuals a choice is key to the Salesforce GDPR strategy. Companies can now also search for contacts and leads within Salesforce by searching via their GDPR statuses.
Right To Be Forgotten – This is a cornerstone of the new GDPR rules which will come into play and Salesforce are again making it much easier for firms to delete personal information which isn’t compliant. All linked data can be deleted in one go and Salesforce are ensuring the platform is syncing data changes at a much quicker rate.
Security Enhancements – The ‘out of the box’ security has also been upgraded, reducing future risks of data breaches. There are strong backup and disaster recovery options, with network services showcasing best in class threat detection and encryption.
How Can Your Salesforce Organisation Plan For GDPR?
With Salesforce improving their CRM software in recent months you may be wondering what your employees can do to help prepare you for the upcoming regulatory changes. In almost all cases it involves having those high-level conversations within your business and making sure the appropriate teams are well informed before GDPR takes effect. As a company who process large volumes of data, here’s what we would recommend:
- Actively promote company wide awareness for key decision makers. The law is changing and therefore managers who influence company processes need to be part of the conversation
- Complete an information audit, documenting all the personal information you hold. Why are certain pieces of information recorded and are they 100% necessary for the business to function?
- Review your current privacy notices and policies and understand what information individuals are seeing on a regular basis
- Salesforce Administrators should then complete a review of how Salesforce is currently being used and any gaps where information or processes are not compliant need to be documented. Appropriate training can then be delivered which showcases how Salesforce users need to use the platform to respond to customer requests and ensure data is GDPR compliant
We hope you enjoyed this blog and that your Salesforce organisation is taking the appropriate steps to become GDPR compliant. You can find more information on the Salesforce and ICO websites, or if you would like to speak to someone we also offer Salesforce Consultancy services for organisations looking to maximise the full impact of the platform.