Data Protection and Privacy Regulations in Salesforce

Data protection and privacy regulations can require you and your company to keep individuals’ personal data secure and private. These are some of the regulations that are important to many companies collecting and processing their customers’ data.

General Data Protection Regulation (GDPR) – European Union

Below are a few key principles of the GDPR:

  1. Fairness and Transparency: Organizations must always process personal data lawfully, fairly, and in a transparent manner.
  2. Purpose Limitation:  Organizations can collect personal data only for specified, explicit, and legitimate purposes. They cannot further process personal data in a manner that’s incompatible with those purposes.
  3. Data Minimization: Organizations can collect only personal data that’s adequate, relevant, and limited to what’s necessary for the intended purpose.
  4. Accuracy: Personal data must be accurate and, where necessary, kept up to date.
  5. Data Deletion: Personal data must be kept only for as long as it’s needed to fulfill the original purpose of collection.
  6. Security:  Organizations must use appropriate technical and organizational security measures to protect personal data against unauthorized processing and accidental disclosure, access, loss, destruction, or alteration. Depending on the specific use case and personal data processed, the use of data segregation, encryption, pseudonymization, and anonymization is recommended, and in some cases required, to help protect personal data.

Personal Information Protection Act (PIPA) – Japan

Health Insurance Portability and Accountability Act (HIPAA) – United States

Privacy Act – Australia

Personal Information Protection and Electronic Documents Act (PIPEDA) – Canada

Enhancements to the Individual object:

  1. Determine which data privacy record to retain when merging records:

If you want to retain the most recently modified data privacy record, go to

Setup -> enter Individual Setting in the Quick Find box

Select Individual Setting and then select “Retain Most recently modified data privacy record”.

  2. The Individual object supports standard object features:

The data privacy records you create based on the Individual object help you store certain data privacy preferences for your customers. Regardless of whether you’re complying with data protection and privacy regulations, such as the General Data Protection Regulation (GDPR), these records help you honor your customers’ requests for privacy. The Individual object now supports all standard object features.

  3. Make a user’s personal data unusable by Salesforce at their request:

If users don’t want their personal data recognized in Salesforce, you can permanently scramble it with the new “System.UserManagement.obfuscateUser” Apex method.

obfuscateUser() affects the standard fields of the User object, excluding a few fields, such as the User ID, Time Zone, Locale, and Profile.

Note: When you invoke the method for a user, the data becomes anonymous and you can never recover it.

To enable this feature, go to Setup -> User Management Settings -> select Scramble Specific Users’ Data.

After enabling this setting, you can invoke System.UserManagement.obfuscateUser through Apex triggers, workflows, processes, or the Developer Console.
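
One way to put pre-flight checks in front of the irreversible call described above, as an added example (not Salesforce's or the original post's code). The class `UserErasureService`, its `ErasureException`, and the three guard policies are assumptions made for illustration; only `System.UserManagement.obfuscateUser` comes from the page.

```apex
// Added example: guarded wrapper around System.UserManagement.obfuscateUser.
// Class name, exception name and the three guard policies are assumptions.
public with sharing class UserErasureService {
    public class ErasureException extends Exception {}

    // Scrambles one user's standard fields. The call cannot be undone,
    // so every guard runs before obfuscateUser is reached.
    public static void eraseUser(Id userId, String confirmUsername) {
        List<User> found = [
            SELECT Id, Username, IsActive
            FROM User
            WHERE Id = :userId
            LIMIT 1
        ];
        if (found.isEmpty()) {
            throw new ErasureException('No user found for Id ' + userId);
        }
        User target = found[0];

        // Assumed policy: the caller repeats the username, so a mistyped or
        // stale Id cannot silently scramble a different account.
        if (confirmUsername == null || !target.Username.equalsIgnoreCase(confirmUsername)) {
            throw new ErasureException('Username confirmation does not match ' + userId);
        }
        // Assumed policy: an administrator cannot scramble their own account.
        if (target.Id == UserInfo.getUserId()) {
            throw new ErasureException('Refusing to scramble the running user');
        }
        // Assumed policy: the account is deactivated before it is scrambled,
        // so it is no longer in use when its fields change.
        if (target.IsActive) {
            throw new ErasureException('Deactivate user ' + userId + ' before scrambling');
        }

        // Log Ids only: the username and email are the data being erased.
        System.debug(LoggingLevel.INFO,
            'obfuscateUser target=' + target.Id + ' requestedBy=' + UserInfo.getUserId());
        try {
            System.UserManagement.obfuscateUser(target.Id);
        } catch (Exception e) {
            // Any failure of the platform call surfaces as one exception type.
            throw new ErasureException('obfuscateUser failed for ' + target.Id + ': ' + e.getMessage());
        }
    }
}
```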

Note: Salesforce was the first top-10 software company in the world to protect its customers’ data with binding corporate rules for processors approved by European data protection authorities. Salesforce was also one of the first companies in the world to certify compliance with the EU-US Privacy Shield Framework and the Swiss-US Privacy Shield Framework.