GDPR Compliance in Salesforce system: Solve the mystery through Efficient Data Archiving

In this digital age, maintaining the privacy of user data and information has become imperative for an organization’s growth. Keeping this need for data privacy in mind, the European Parliament came up with a new data protection regulation. The General Data Protection Regulation (GDPR) dictates strict new rules and policies and sets new standards for protection of the personal data and privacy of the European Union citizens for transactions that occur within EU member states.

The GDPR presents a wide view of what constitutes personal identification information. Basically the GDPR protects the basic identity information (name, address, and ID numbers), web data (location, IP address, cookie data, and RFID tags), health and genetic data, biometric data, racial or ethnic data, political opinions, and sexual orientation. Things like an individual’s IP address or cookie data require the same level of protection as their name, address, or Social Security number.

For the organizations subject to GDPR, there are two broad categories of compliance that need to be followed: data protection and data privacy. Data protection means keeping the data safe from unauthorized access while data privacy means empowering the users to make their own decisions about who can process their data and for what purpose. The Salesforce platform ensures that both the key ingredients are taken care of through platform encryption, field audit trail, and two-factor authentication. It also offers Https encryption, secured firewalls, IP login restrictions as well as many third-party certifications that ensure all data centres are secured.

Some of the key privacy and data protection requirements of the GDPR include:

• Requiring the consent of subjects for data processing
• Anonymizing collected data to protect privacy
• Safely handling the transfer of data across borders
• Providing notifications in case of data breach
• Requiring companies to appoint a data protection officer to oversee GDPR compliance

In case there is a failure to comply with the GDPR privacy and security standards, it has the provision to levy harsh fines against the violators, with penalties reaching into the tens of millions of euros. The less severe infringements can result in fines up to €10 million, or 2% of the firm’s annual turnover, whichever amount is higher. The more serious infringements that go against the very principles of the right to privacy that are at the heart of the GDPR can result in fines of up to €20 million, or 4% of the firm’s annual revenue, whichever amount is higher.

In the process of GDPR compliance, most enterprises take the road of securely archiving the Salesforce data into different external storage systems. Through data archiving, companies can exert tighter control over their data, make data retrieval easier, and reduce the risk of GDPR violations through better compliance with GDPR requirements. Archiving the data also comes with its own set of benefits in terms of storage costs reduction, better CRM performance, and better analytics.

One such popular Salesforce data archiving solution is DataArchiva, one of the top Salesforce AppExchange archiving applications. DataArchiva is an EXTERNAL data archiving solution that lets the Salesforce enterprise customers archive their historical data in their preferred external storage system without losing out on the data integrity.

• Once DataArchiva is downloaded and installed in the customer’s Org, no data is exposed to the outside environment. Customers have complete control over configuring their external storage after which all archived data resides in the customer’s configured external system.
• As DataArchiva deals with old data that is currently not active, none of this data can be processed. The application only provides access to view the data and no edits can be made to the archived data in the Salesforce instance.
• With regard to DataArchiva, any archived data is deleted from the Salesforce live instance and is moved to the customer’s external database. Once this data is restored, it gets deleted from the archived databases and moves back to the Salesforce instance.
• With respect to the data security, DataArchiva is properly aligned with the roles, profiles, and user-level permissions of Salesforce. Any archived data that is viewed from the Salesforce instance follows the same Salesforce access protocols.
• DataArchiva’s provider does not have any access to the data and it’s purely managed by the customers who install the solution in their Salesforce instance. It also has proper permission sets that allow customers to provide controls to authorize users to archive, view, and restore data.

Therefore we can see that DataArchiva is actually GDPR compliant in true senses. With this application organizations can easily meet their GDPR compliance directives and stay away from paying heavy penalties. Currently, this application supports several Cloud & On-premise database service platform providers like Amazon, Google, Azure, Heroku including various databases such as Postgres, Redshift, MySQL, Oracle, MS SQL, and more. To know more, please get in touch with us.