At its core, the GDPR boils down to three key pillars:
- Security: Keep data safe and secure, and prevent unauthorized access or processing.
- Accountability: Require companies to be accountable and transparent in how they collect, process, and protect personal data.
- Individual Rights: Put control back into the hands of the individual to determine how their data is collected and used, such that companies are expected to process personal data on the individual’s terms.
If you process personal data related to your organization’s establishment within the European Union (E.U.), from or about persons within the E.U., or outside of the E.U. but where E.U. law applies, you may be subject to the GDPR. We advise you to consult with legal professionals to determine whether your organization falls under GDPR requirements.
Salesforce has provided extensive information on its website with guidance to help accelerate your GDPR compliance journey within Salesforce, including for the Salesforce Platform, Sales Cloud, Service Cloud, Salesforce Experience Cloud, Marketing Cloud, Commerce Cloud, and Pardot.
Salesforce.org has similarly analyzed our products built on the Salesforce Platform against GDPR requirements, identified and deployed enhancements, and generated documentation to help our customers meet their compliance objectives.
As such, the following documentation is intended to supplement the guidance provided by Salesforce with use cases, examples, tips, and other considerations specific to our applications, including:
- Nonprofit Success Pack (NPSP)
- Volunteers for Salesforce (V4S)
- Higher Education Data Architecture (HEDA) and
- Salesforce Advisor Link (SAL)
As an important reminder, while the information provided here and from Salesforce is intended to help you navigate possible ways to meet your compliance needs, these are only guides for your consideration, and not guarantees for ensuring compliance with any legal rule. You are responsible for your compliance in your use of Salesforce and Salesforce.org products and services. We strongly recommend you work with your advisors, including legal counsel, to determine whether you have a legal obligation, and come up with a compliance plan.
Additional Resources
- Salesforce’s GDPR website
- European Union Privacy Law Basics Trailhead Trail
- Salesforce External FAQ on the GDPR
- Salesforce GDPR Fact Sheet
- Salesforce.org Data Processing Addendum
- GDPR Group in the Salesforce.org Power of Us Hub Community
- Trust & Compliance Documentation (applicable to Salesforce products)