With the latest revelations and the fallout from the Facebook and Cambridge Analyticadata breach, there has never been more scrutiny on how personal data is shared and stored.
With this at the forefront of everyone's attention, perhaps the new General Data Protection Regulation (GDPR) couldn’t have arrived at a better time.
Instead of rehashing a lot of content already available online, I wanted to put together a list of helpful articles and resources. Hopefully, this list will help CIO’s, Admins and users of Salesforce get to grips with GDPR compliance quickly.
With the regulation coming into effect next month, it’s of critical importance you begin this process as soon as possible. I have been involved in my own company’s efforts to become compliant, however, this post should only be viewed as a source of useful information and in no way seen as legal advice.
It's also important to note that there are hefty repercussions for companies who break this regulation in the future - depending on the type of violation, companies will incur fines of up to €20 million or 4% of their global annual revenue (whichever is greater). With that said, if you require legal advice, it is highly recommended to consult a qualified solicitor or attorney.
With this in mind, let’s start at the beginning.
1. What is GDPR and when is it coming into effect?
Your first port of call should be the European Union's GDPR Portal.
The EU’s GDPR website provides key information on what’s involved and highlights the key changes from the 1995 Data Protection Directive. The regulation is an EU law on data protection and privacy for all individuals within the European Union and addresses the export of personal data outside the EU.
The primary goal of GDPR is "to give control back to citizens and residents over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU".
"Even if you’re based outside of the EU but you control or process the data of EU citizens, the GDPR will apply to you."
When the GDPR takes effect, it will replace the 1995 Directive and will be in force from 25th May 2018.
2. Salesforce Website & GDPR Trailhead.
To get up to speed fast, your next stop should be the Salesforce website. Loaded with information, this is could be your one-stop shop for all things GDPR. With transparency and fairness at the heart of GDPR, the Salesforce website does a great job of highlighting the important elements that you should be aware of.
Take the Salesforce Trailhead.
What’s better than earning a Salesforce Trailhead badge and learning how to implement a GDPR compliance program for your own business. With this Trailhead, you can do just that as well as learn the ins-and-outs of the regulation and how it impacts your Salesforce instance.
3. GDPRSuperHeros - 5 Steps for Admins
This document was created by Stephen Gracia and is a great place to start for any Admins who are struggling or intimidated by the process.
Stephen covers 5 areas which include:
- Mapping out where personal data exists within your organisation
- Create a Data Story
- Review your Privacy Policy
- Start a Discussion
- Plan your training
It’s vital to begin creating a clear plan for your business and involve key stakeholders so they understand what changes are involved. Becoming GDPR compliant is a big undertaking for most businesses, so it’s important not to feel isolated and to receive as much help as possible.
4. SalesforceBen - Salesforce Spring ’18 Updates
If you’re a Salesforce user looking to pass certification exams, more than likely you have heard of Salesforce Ben. For those not in the know, Salesforce Ben is the leading Salesforce blog in the world, dedicated to covering news, tricks, certifications and career advice.
In this blog post, Lucy Mazalon discusses the new features in the Salesforce Spring ‘18 update that covers most of the essential developments around data protection and privacy.
One of the new important features is a standard object called ‘Individual’. This object is extremely important as it serves its purpose by storing a person’s data preferences – i.e. how they wish their data to be stored, used, and shared.
Source: SalesforceBen
This is a must-read for any admin or user interested in compliance.
5. Hubspot - How will GDPR affect the marketing industry?
Just 36% of marketers have heard of GDPR, while 15% of companies have done nothing, and are at risk of non-compliance.
Whether you're in Sales or marketing, the way you manage your lead generation activities will come under new, intensive scrutiny.
Every touchpoint on the customer journey where you capture information on customers (name, email, company, etc,) and store on it an internal or external database will need to be compliant with the new law. As most companies will be using marketing tactics such as landing pages, web forms, gated content etc. to capture details, it's imperative marketing managers understand how the law will affect them.
When I first saw the statistics quoted above, I was shocked. As a Twitter user and follower of some of the major tech journals, it is very hard to miss articles discussing GDPR and it’s impending enforcement.
Nonetheless, Hubspot has done an excellent job explaining what impact GDPR will have on your marketing activities and why you should welcome the change.
Conclusion
GDPR compliance is fast approaching and you need to be ready.
If you haven’t started the process already, the links above provide an excellent introduction and should be able to help you get the ball rolling.
Remember, it is important to build a plan and to keep open lines of communications with all team members so everyone is fully aware of the process and what’s involved.
If you have any questions or have useful links you think would help, please feel free to contact us at info@pexlify.com or me directly at colm.barry@pexlify.com.
Have a question about custom Salesforce Solutions? Give us a call on +353 1 515 7241 for a hassle-free chat.