Salesforce.org and the GDPR

The European Union (E.U.) General Data Protection Regulation (GDPR) was passed in 2016 with the intent of harmonizing European data protection laws into a single set of rules, while setting a new global gold standard for data protection and privacy. In effect on May 25, 2018, the GDPR is one of the most comprehensive and strictest regulations of its kind in the world.

At its core, the GDPR boils down to three key pillars:

  • Security: Keep data safe and secure, and prevent unauthorized access or processing.
  • Accountability: Require companies to be accountable and transparent in how they collect, process, and protect personal data.
  • Individual Rights: Put control back into the hands of the individual to determine how their data is collected and used, such that companies are expected to process personal data on the individual’s terms.

If you process personal data related to your organization’s establishment within the European Union (E.U.), from or about persons within the E.U., or outside of the E.U. but where E.U. law applies, you may be subject to the GDPR. We advise you to consult with legal professionals to determine whether your organization falls under GDPR requirements.

Salesforce has provided extensive information on its website with guidance to help accelerate your GDPR compliance journey within Salesforce, including for the Salesforce Platform, Sales Cloud, Service Cloud, Community Cloud, Marketing Cloud, Commerce Cloud, and Pardot.

Salesforce.org has similarly analyzed our products built on the Salesforce Platform against GDPR requirements, identified and deployed enhancements, and generated documentation to help our customers meet their compliance objectives.

As such, the following documentation is intended to supplement the guidance provided by Salesforce with use cases, examples, tips, and other considerations specific to our applications, including:

As an important reminder, while the information provided here and from Salesforce is intended to help you navigate possible ways to meet your compliance needs, these are only guides for your consideration, and not guarantees for ensuring compliance with any legal rule. You are responsible for your compliance in your use of Salesforce and Salesforce.org products and services. We strongly recommend you work with your advisors, including legal counsel, to determine whether you have a legal obligation, and come up with a compliance plan.

Additional Resources