How to Get Your Org Ready for GDPR Compliance | Salesforce Org GDPR : Strongpoint

How to Get Your Org Ready for GDPR Compliance | Salesforce Org GDPR
by: Strongpoint
blow post content copied from  Forcetalks
click here to view original post

In a mature Salesforce Org with hundreds of thousands of records, it might be difficult to know where to start on GDPR compliance. In this post, we’ll cover the steps you need to take to get your Salesforce Org GDPR compliant.

Why is GDPR Compliance Important?

The General Data Protection Regulation (GDPR) puts individual rights at the centre of data protection — and enforces heavy regulatory fines for organizations that do not safeguard these rights.

GDPR requires organizations to understand what types of data they collect, and how that data is being used and stored. Often, this means rewriting processes and rethinking how personal data is handled; as you can imagine, this is no easy task, especially in customizable systems like Salesforce.

To get you started on your journey, we’ve compiled a list of best practices and steps you can take today to get your Salesforce Org GDPR compliant from the ground up.

Your GDPR Compliance Checklist

1. Get familiar with the terms and conditions of GDPR

As you can imagine, understanding the GDPR framework and its implications is fundamental for compliance. The first step will be determining whether your organization is subject to GDPR (to put simply, if you sell your products/services to EU residents or have their information in your database, then you are). Then, you’ll need to assess the different rights outlined in the framework to see how they apply to you — and how you can ensure you’re complying with them.

2. Designate a leader or committee to own the project

Once you’ve got a handle on what GDPR means for your organization, you will need to designate a leader or committee to oversee the project. The project owner will be an important advocate to management, and will be crucial to securing buy-in or approval, aligning departments, and raising awareness more broadly as to why GDPR compliance is important.

dont miss out iconDon't forget to check out: GDPR & Telephony Consenting & Forgetting In Salesforce

3. Assess your current processes

After you’ve gotten buy-in and created a team of leaders to own your compliance project, you’ll need to review existing processes to identify pain points. Your goal here should be to ensure you can comply with data subject requests (ie, if an individual requests to have their data deleted). To do this, you’ll need to identify where you store personal data, create a data inventory and complete a privacy impact assessment on high-risk processes.

4. Establish Controls

Once you’ve reviewed your current protocols, you should have an idea of where new processes and additional controls are required. Some common measures might include creating data subject consent preferences, ensuring privacy disclosures are sent/present when data is collected, creating contracts with vendors that receive personal data, or establishing a process for reporting security breaches, disposing of data, and classifying your data.

Below, we cover some of the technical considerations of building new controls and processes for GDPR compliance in Salesforce.

5. Document all of your activities

Documentation is another critical step in any compliance project. Given that GDPR is a regulated framework, there will be auditors assessing your system to ensure compliance — and the easiest way to prove that you are adhering to GDPR’s policies is by documenting all of your compliance activities. Keep copies of your data inventory and processing activities, as well as all written policies, training materials and contracts.

Technical Considerations

While the steps above are a good baseline for creating a GDPR compliance framework, there are some specific questions and considerations that we didn’t detail. Take a look below to ensure you’re addressing the right things in your compliance strategy.

Data Collection:

  • Where is the data you’re collecting coming from?
  • What information are you collecting?
  • What reason are you collecting this information?
  • Do you have consent to collect it?
  • Does this data include Personally Identifiable Information (PII)?

Data Processing:

  • How do you process this information?
  • Who is processing this information?
  • Are you keeping a record of your processing activities?
  • How often are you processing this information?

dont miss out iconCheck out another amazing blog by Strongpoint here: Salesforce Security 101: What is PII Compliance?

Access and Deletion Rights:

  • How accessible is the information I’ve collected?
  • How will I export personal information to an individual?
  • How will I ensure I’ve deleted all PII of an individual present in my system?
  • Have I sent the collected data to a third party? If so, how will I retrieve and have it deleted?

Implementing a comprehensive compliance strategy can be a daunting task — but if you follow the steps above, you’ll be well on your way to getting your Salesforce Org, or any business-critical application you run, GDPR-compliant. Head to Salesforce to learn more specifics about GDPR compliance in your Org — or check out our data classification page to learn how Strongpoint can help.

The post How to Get Your Org Ready for GDPR Compliance | Salesforce Org GDPR appeared first on Forcetalks.

September 06, 2022 at 10:34PM
Click here for more details...

The original post is available in Forcetalks by Strongpoint
this post has been published as it is through automation. Automation script brings all the top bloggers post under a single umbrella.
The purpose of this blog, Follow the top Salesforce bloggers and collect all blogs in a single place through automation.