RevCult is now OwnBackup Secure! In 2021, OwnBackup acquired RevCult, enhancing the cloud data protection platform with proactive data security. With OwnBackup Secure, you will strengthen security posture by understanding data exposure risks and proactively taking action to protect and secure your data—all within Salesforce.
The General Data Protection Regulation (GDPR) is a law on data protection and privacy for European Union citizens that came into effect on May 25, 2018. GDPR impacts a vast number of businesses, regardless of what products they sell, how big they are, or where they’re located. Compliance is mandatory, and the penalties are severe.
Companies that have Salesforce, however, have a bit of a leg up on the rest of the lot. Salesforce has some powerful features that can be applied to comply with different elements of GDPR.
Let’s start by taking a high-level look at GDPR. There are three strong themes that emerge from within GDPR:
In this post, we’re going to focus on Privacy by Design and Accountability. So, if you’re impacted by GDPR and you have Salesforce, where do you even start?
Simple answer: Salesforce Shield.
Why Shield? Because Salesforce Shield has three components that align very well to GDPR, specifically:
Now let’s take a look at some specific GDPR articles and explain how these three Shield components can support compliance.
Article 25: Data Protection by Design and by Default
When you’re designing or implementing a system or a way to store information, you should think about privacy first and, by default, make the system as secure as possible.
Article 32: Security of Processing
Covers the general protection of data, technical security, data access control, change control, and oversight.
Salesforce Shield vs Article 25 and Article 32:
Article 33: Notification of personal data breach to the supervisory authority
Covers the responsibility for telling authorities about a breach.
Article 34: Communication of a personal data breach to the data subject
Covers the responsibility for telling impacted individuals about a breach.
Salesforce Shield vs Article 33 and Article 34:
Article 5: Principles relating to processing of personal data
What data can and should be stored, and for how long?
Salesforce Shield vs Article 5:
Article 24: Responsibility of the controller
If you’re using the data to do business, then you’re a “controller.” If you’re helping a controller do their business, you’re a “processor.” As a controller, it is your responsibility to know what data you have and to be able to demonstrate your compliance with written policies.
Salesforce Shield vs Article 24:
There’s much more to GDPR than was covered in this post, and it’s certainly here to stay. Our advice? Continue to educate yourself on the regulation and become more aware of how it specifically impacts your business by identifying your risk areas. For companies looking to enhance their security and GDPR compliance, Salesforce Shield is a powerful solution that addresses some of the core aspects of GDPR: Privacy by Design, Data Protection and Accountability.