Data ModelFeaturesReleases

Spring ’18 Deep Dive: GDPR Features

How will the Spring '18 release, help you with GDPR compliance?

Simple put, GDPR is inescapable for those dealing with individuals within the EU.  In the last post we took a look at what GDPR is and how to start preparing for it.  Additionally, within the next month we also have Spring ’18 release going live.  So the good news is there is a number of GDPR features included to assist Admins prepare…

Recap: What is GDPR?

General Data Protection Regulation, otherwise known as GDPR, is the new privacy regulation coming into force in 2018.  It will replace the EU’s previous Data Protection Directive, and align privacy laws and regulations across all EU member states.

Part of the GDPR is the retention and removal processes re: personal data after a period of time.  Companies should only retain personal data for as long as needed.  So for example, if you have contact details of a person which is linked to contract data you may need to retain it for 7 years.  Versus simply having a contact on a mailing list, retaining the data for this long may not be justifiable.

For more details, take a look at my last post for the what/when/how of GDPR.

GDPR: Be Prepared

GDPR is ultimately an update to a number of data/privacy regulations across the EU.  But the easiest place to start for most companies is to map out and understand the following: 

  • where your data comes from. (eg web-to-lead, email-to-case, data.com, users entering in the data),
  • how it gets used/stored. (eg are there integrations which also use the data, is it stored outside of Salesforce, are records stored in standard and custom objects within Salesforce),
  • what business processes which clean up or remove data. (ie how long does your company need hold onto personal data for (and for what purpose)? Is there already a process to remove personal data?)

Once you understand there where, how and what of your data, you will then understand where the following features and changes may help and support you.

Spring ’18 & GDPR Features

Salesforce Data Privacy Record - aka Individual Record
A sample Salesforce Data Privacy Record – aka Individual Record in Spring ’18 Preview Sandbox (click to view full image)

Data Privacy Records (aka Individuals)

Spring ’18 release brings with it a new setting under Company Profile within Setup.  The setting to enable Data Protection and Privacy, will expose the new object ‘Individuals’ within your org.

This new object connects to either a contact or lead record within Salesforce to store data privacy settings for that person. So for example you can store the customer’s preference re: soliciting products and services.

A key note here is that in the preview instances of Spring ’18, Individuals it isn’t treated like other objects and doesn’t have a standard tab available to access the object.

But a gentle word to note before we go through how to set this up.  As with any changes to a production system, it will require planning before setting this up to ensure it works for your processes.  A number of these changes below may also require assistance from a developer or changes to your marketing platform via API.  This is not entirely a point and click setup…

1. Activate the feature within Setup

Lightning: Setup -> Company Settings -> Data Protection and Privacy
Classic: Setup -> Company Profile -> Data Protection and Privacy

This will expose the new Individual object, with the standard fields within your org.  Most of these fields are created for the purpose of tracking opt-out requests and personal preferences.

Some examples include:

If a contact opts-out of geo-location tracking, you can store that preference here.

You can even store the D.O.B of the person and indicate if they are considered a minor or not.  (You might need to do this as minors carry different standards for elements like data retention under GDPR.)

And good news is you can also add custom fields to this object if you wish to.

2. Update Page Layouts

Add field to relevant page layouts on contact & lead objects.  Salesforce also suggests to rename the field label from ‘Individual’ to something more meaningful to your users.

3. Existing Contacts/Lead Records

There is a code-based solution to create data privacy records for existing contacts & leads within your Salesforce, which also includes code for handling person accounts.

I won’t go through the code here.  But if you are interested, you can take a sample of the code here.  Remember you will need to execute this somehow (ie start the code running), so you may need help from a developer friend(s).

4. New / Changes to Preferences

Finally, you will also need to plan how new records get managed within Salesforce.

Will an Individual record be created when a contact or lead is created?  What about field updates / etc?  Do you do this via a trigger in Salesforce or via API from your email platform?

And what do you get at the end of this?  A new record of course … 🙂

 

bad data quality ahead

Data Quality & Duplicate Jobs

GDPR features in Spring also come in the form of expanded functionality.  Spring ’18 release provides an update for its out-of-the-box duplicate management to allow Admins to run a duplicate job.

Previously matching rules would run when a record was being added or updated by a user.  This would then either alert the user or block the user, depending on how the Admin had set it up.

But in Spring ’18 release, us Admins can now run a “Duplicate Job“.  This allows you to use (or create) a matching rule and then run a search within Salesforce to find duplicates.  Once a Duplicate Job completes, you will be able to take action by comparing and merging records, right from the summary page.

Duplicate Job within Spring 18 release
Duplicate Job within Spring 18 release.

Changes to Web to Case and Web to Lead

Spring ’18 release also brings another GDPR feature.  This time there is a slight update to how failed Web-to-Case and Web-to-Lead emails are handled.

When a Web-to-Case and Web-to-Lead fails an email is generated automatically to advise.  This email will no longer include any personal data inserted by a third-party application.

Data.com for UK/Ireland Contacts

This only impacts users who are using Data.com Prospector or Clean.

Data relating to contacts stored within Data.com Connect (only UK & Ireland) will now be removed from the Connect database.

Also the Clean Status field on a Contact/Lead records will be changed to ‘Not Found’.

Wrap Up

As you can see there is a lot to cover, and Salesforce is enabling businesses to become GDPR compliant with all the GDPR features in Spring ’18.  There is still more to read in the Release Notes for Spring ’18 if you are using other tools like Pardot, Inbox or a developer (specifically around Event Logs).

There is support at hand, and if you haven’t already I would strongly recommend completing the Trailhead modules setup for GDPR Basics (and there is also a trail for US Privacy Basics too).

Additionally Salesforce has a new section in the Help for Data Protection & Privacy.

And finally there is a basic scenario guide, which looks at a number of common requests and suggested actions/things to consider to be compliant under the various privacy laws (including GPDR).

Tags
Show More