Simple put, GDPR is inescapable for those dealing with individuals within the EU. In the last post we took a look at what GDPR is and how to start preparing for it. Additionally, within the next month we also have Spring ’18 release going live. So the good news is there is a number of GDPR features included to assist Admins prepare…
Recap: What is GDPR?
General Data Protection Regulation, otherwise known as GDPR, is the new privacy regulation coming into force in 2018. It will replace the EU’s previous Data Protection Directive, and align privacy laws and regulations across all EU member states.
Part of the GDPR is the retention and removal processes re: personal data after a period of time. Companies should only retain personal data for as long as needed. So for example, if you have contact details of a person which is linked to contract data you may need to retain it for 7 years. Versus simply having a contact on a mailing list, retaining the data for this long may not be justifiable.
For more details, take a look at my last post for the what/when/how of GDPR.
GDPR: Be Prepared
GDPR is ultimately an update to a number of data/privacy regulations across the EU. But the easiest place to start for most companies is to map out and understand the following:
- where your data comes from. (eg web-to-lead, email-to-case, data.com, users entering in the data),
- how it gets used/stored. (eg are there integrations which also use the data, is it stored outside of Salesforce, are records stored in standard and custom objects within Salesforce),
- what business processes which clean up or remove data. (ie how long does your company need hold onto personal data for (and for what purpose)? Is there already a process to remove personal data?)
Once you understand there where, how and what of your data, you will then understand where the following features and changes may help and support you.
Spring ’18 & GDPR Features
Data Privacy Records (aka Individuals)
Spring ’18 release brings with it a new setting under Company Profile within Setup. The setting to enable Data Protection and Privacy, will expose the new object ‘Individuals’ within your org.
This new object connects to either a contact or lead record within Salesforce to store data privacy settings for that person. So for example you can store the customer’s preference re: soliciting products and services.
A key note here is that in the preview instances of Spring ’18, Individuals it isn’t treated like other objects and doesn’t have a standard tab available to access the object.
But a gentle word to note before we go through how to set this up. As with any changes to a production system, it will require planning before setting this up to ensure it works for your processes. A number of these changes below may also require assistance from a developer or changes to your marketing platform via API. This is not entirely a point and click setup…
1. Activate the feature within Setup
Lightning: Setup -> Company Settings -> Data Protection and Privacy
Classic: Setup -> Company Profile -> Data Protection and Privacy
This will expose the new Individual object, with the standard fields within your org. Most of these fields are created for the purpose of tracking opt-out requests and personal preferences.
Some examples include:
If a contact opts-out of geo-location tracking, you can store that preference here.
You can even store the D.O.B of the person and indicate if they are considered a minor or not. (You might need to do this as minors carry different standards for elements like data retention under GDPR.)
And good news is you can also add custom fields to this object if you wish to.
2. Update Page Layouts
Add field to relevant page layouts on contact & lead objects. Salesforce also suggests to rename the field label from ‘Individual’ to something more meaningful to your users.
3. Existing Contacts/Lead Records
There is a code-based solution to create data privacy records for existing contacts & leads within your Salesforce, which also includes code for handling person accounts.
I won’t go through the code here. But if you are interested, you can take a sample of the code here. Remember you will need to execute this somehow (ie start the code running), so you may need help from a developer friend(s).
4. New / Changes to Preferences
Finally, you will also need to plan how new records get managed within Salesforce.
Will an Individual record be created when a contact or lead is created? What about field updates / etc? Do you do this via a trigger in Salesforce or via API from your email platform?
And what do you get at the end of this? A new record of course … 🙂
Data Quality & Duplicate Jobs
GDPR features in Spring also come in the form of expanded functionality. Spring ’18 release provides an update for its out-of-the-box duplicate management to allow Admins to run a duplicate job.
Previously matching rules would run when a record was being added or updated by a user. This would then either alert the user or block the user, depending on how the Admin had set it up.
But in Spring ’18 release, us Admins can now run a “Duplicate Job“. This allows you to use (or create) a matching rule and then run a search within Salesforce to find duplicates. Once a Duplicate Job completes, you will be able to take action by comparing and merging records, right from the summary page.
Changes to Web to Case and Web to Lead
Spring ’18 release also brings another GDPR feature. This time there is a slight update to how failed Web-to-Case and Web-to-Lead emails are handled.
When a Web-to-Case and Web-to-Lead fails an email is generated automatically to advise. This email will no longer include any personal data inserted by a third-party application.
Data.com for UK/Ireland Contacts
This only impacts users who are using Data.com Prospector or Clean.
Data relating to contacts stored within Data.com Connect (only UK & Ireland) will now be removed from the Connect database.
Also the Clean Status field on a Contact/Lead records will be changed to ‘Not Found’.
As you can see there is a lot to cover, and Salesforce is enabling businesses to become GDPR compliant with all the GDPR features in Spring ’18. There is still more to read in the Release Notes for Spring ’18 if you are using other tools like Pardot, Inbox or a developer (specifically around Event Logs).
Additionally Salesforce has a new section in the Help for Data Protection & Privacy.
And finally there is a basic scenario guide, which looks at a number of common requests and suggested actions/things to consider to be compliant under the various privacy laws (including GPDR).