Are you using cloud apps like Salesforce, Google G Suite, or Microsoft Office 365? Then, given the impact of the GDPR, there are a few things you should know and, in fact, a few things you should certainly do.
The General Data Protection Regulation, more popularly known as GDPR, the European data privacy law, is here. If you are concerned with gathering and protecting personal data from cloud apps, your job just took on a major set of fresh responsibilities.
- For Salesforce, a GDPR compliance strategy for e-commerce starts with closely monitoring the customer data that you collect, beginning with cookies. The European Union's General Data Protection Regulation strictly requires all companies doing business in the European Union, or with European citizens online, to protect the privacy of those citizens and their personal information. This implies that Salesforce Commerce Cloud customers catering to European customers must align with e-commerce GDPR compliance strategies.
- Not only e-commerce but also Salesforce Marketing Cloud customers need to align with the EU's GDPR. The bigger and more complicated your marketing tech stack is, the more complex Salesforce GDPR compliance will be. The European Union's GDPR requirements may deeply affect Salesforce Marketing Cloud customers, i.e. the ways in which they make use of customer data. Salesforce GDPR marketing compliance will require marketers to evaluate and reconsider their marketing strategies targeted at European customers. So whichever Salesforce product you are using, if it makes use of European customers' data, you need to rethink and re-strategize your policies.
Salesforce welcomes GDPR, as it firmly believes that if companies trust enterprises with customer data, those enterprises should be entirely responsible for securing it and making it available in a secure way. Hence Salesforce is working to ensure that its systems comply with the European Union mandates.
So here are a few tips to help Salesforce users with the General Data Protection Regulation.
Conducting a Gap Analysis
The General Data Protection Regulation is 88 pages long with some 99 articles, so conducting a complete gap analysis against your internal controls will help uncover where the program needs to be reconfigured to align with compliance, and will ensure that customizations and integrations can support GDPR compliance.
Highlighting the necessary steps for operational and technological changes
To align with GDPR, Salesforce has formulated a few essentials across its entire product line.
The vendor should be able to support the following essential tasks, namely:
- Taking customer consent prior to storing data or sending marketing content.
- Allowing customers to restrict the usage of their data.
- Providing data portability to users.
- Enabling a mechanism for customers to delete their data.
Simplify your systems and controls
You need to establish controls and outline definite processes. Simplifying your systems and consolidating data will go a long way toward helping you comply with GDPR.
Document your compliance
Documentation is always a critical and significant part of any process, especially in the case of an audit. Proper documentation is therefore needed, including the details of your preparation for GDPR. The policies and procedures to be followed should be properly documented and readily accessible.
Comprehending how GDPR aligns with your organization
Another step is understanding and clarifying how, and to what extent, GDPR requirements align with your organization's values on privacy, for example by identifying how privacy affects the different processes within the organization.
Clarity on the location of personal data and confirmation of the cross-border transfer mechanism
Salesforce has an updated Data Processing Addendum (DPA). Privacy Shield, Salesforce Processor Binding Corporate Rules, and Standard Contractual Clauses are the three processes included in the DPA. Companies need to be completely aware of where their data is processed geographically, as well as the location of the data centers.
Lastly, align with your marketing department
This makes sure that your information reaches individuals who are interested in your products. Companies should ensure that Marketing is in strict alignment with GDPR so that it doesn't become the weak link in the compliance chain.
On an ending note, Salesforce sees the arrival of GDPR as a golden opportunity for its customers to embrace data protection, which will eventually help them differentiate themselves from their competition and build greater trust with customers. As the saying goes, trust is the foundation of all great relationships.