Understanding Salesforce’s GDPR Compliance


How would the global leader in CRM industry deal with the new GDPR privacy law? That is a pretty valid question when the GDPR implementation date is just a month and a half away. The privacy law would be implemented on 25th of May 2018 and every company dealing with the data of EU citizens has to oblige.

Salesforce has always been vigilant about clientele data protection and as a company, they have welcomed the General Data Protection Regulation (GDPR) officially. This has been taken as an opportunity by the organization to strengthen their customers’ data security.

Compliance with the GDPR is a two-way process as it involves the service provider and the customers. Salesforce has already shown commitment to comply with the GDPR. They have made changes in their products and documentation to fulfil the requirements of the privacy law.

Previous Steps for Data Protection

Salesforce has been working continuously in the previous years to provide data security to their customers. The commitment can be witnessed in the actions being taken in the previous years for this purpose. Let’s have a look at all of the significant steps being taken by the company:-

  1. When the European Court of Justice invalidated the EU-U.S Safe Harbor Platform in October 2015, the company presented a data processing addendum to the customers for data transfer through Salesforce.
  2. It became the 1stamong the top 10 software companies to be approved for binding corporate rules for processors by European authorities responsible for data protection.
  3. The company also became one of the first companies in 2016 to attain compliance with EU-U.S Privacy Shield Framework.

Guidance for the Customers

Not only are they working hard to comply with the GDPR but they are also guiding their clients to follow the regulations properly. Recently they have released a GDPR resource website and announced to upload multiple white papers for explaining the law more clearly to the customers.

A trailhead module has been launched which is titled “EU Privacy Law Basics”. It provides key GDPR points as well as the necessary actions required for different organizations. An additional data processing addendum has also been provided to the customers to help them comply with the GDPR. All of these resources are free of cost and are provided to the customers across the board.