ODASEVA FOR GDPR
Odaseva Data Platform: comply with personal data requirements of GDPR
GDPR – What is it?
The EU General Data Protection Regulation (GDPR) is the most significant change to EU data privacy regulation in 20 years. Its primary aims are to give individuals in the EU control over their personal data and to simplify the regulatory environment for international business by replacing the patchwork of national rules with a single regulation across the EU.
Who is it for?
Every company, not only European ones, that processes the personal data of individuals in the EU is subject to the regulation. The GDPR also places obligations directly on data processors (Salesforce, for instance) as well as on data controllers (your company), so responsibility for protecting the data is shared.
When do you need to comply?
May 25, 2018. Fines for non-compliance can reach €20M or 4% of the organization's total worldwide annual turnover, whichever is higher.
What Salesforce is Doing
Salesforce welcomes the GDPR as an important step forward in streamlining data protection requirements across the EU and as an opportunity for Salesforce to deepen its commitment to data protection. Similar to existing legal requirements, compliance with the GDPR requires a partnership between Salesforce and customers in their use of Salesforce services. Salesforce will comply with the GDPR in the delivery of its services to its customers. Salesforce is also dedicated to helping its customers comply with the GDPR. It has closely analyzed the requirements of the GDPR and is working to make enhancements to its products, contracts, and documentation to help support Salesforce's and customers' compliance with the GDPR.
8 DATA APPS TO ACCELERATE YOUR COMPLIANCE
You must back up the personal data of data subjects
GDPR Article 32.1.c
Back up personal data so it can be restored when users, admins or integrations corrupt Salesforce data.
Data Breach Detection
You must detect data breaches to notify supervisory authorities
GDPR Article 33.1
Get alerts when personal data is corrupted in bulk (e.g. by ransomware), deleted, or downloaded (the latter with Shield Event Monitoring).
You must implement Data Minimization with measures such as pseudonymization
GDPR Article 25.1
Anonymize personal data in your full sandbox so that consultants, developers and admins never work with real personal data. Pseudonymize it where you need to keep the business value of the data for analytics.
GDPR DATA MANAGEMENT
Right of Access
You must provide personal data access to data subjects
GDPR Article 15.3
Select the personal data held in Salesforce for a given data subject and make it available to them, without manual and error-prone steps, in Salesforce, via our API, or directly in Communities.
Right to Portability
You must provide personal data in a machine-readable format to data subjects
GDPR Article 20.1
Extract the data subject's personal data to CSV files, excluding business records and fields that belong to your company, and make them available in Salesforce, via our API, or directly in Communities.
Right to be Forgotten
You must erase personal data without undue delay, and at the latest within one month, when requested
GDPR Article 17
Automate personal data erasure. Based on your data model, combine deletion, anonymization, pseudonymization and "leave untouched" at the record or field level.
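The difference between anonymization and pseudonymization under Article 25.1, and the per-field combination of delete, anonymize, pseudonymize and "leave untouched" described for the right to be forgotten, can be expressed as a small field-level policy engine. The following is an added Python example and is not Odaseva's code: the Contact and Case records, the policy tables, the action names and the HMAC key are all constructed for the illustration.

```python
"""Field-level erasure/pseudonymization policy over Salesforce-like records.

Actions per field (assumed names, mirroring the four options in the text):
  delete       - blank the field; the value is gone
  anonymize    - replace with a fixed marker; irreversible and not linkable
  pseudonymize - replace with a keyed HMAC token; the same input always gives the
                 same token, so analytics can still group and join on it, but the
                 original value cannot be recovered without the key
  keep         - leave the field untouched (e.g. to defend a legal claim)
"""
import hashlib
import hmac

# Assumed: the key is held in a secrets manager outside the sandbox. Anyone holding it
# can re-identify pseudonymized values, so it must never travel with the data.
PSEUDONYM_KEY = b"demo-key-rotate-me"

ACTIONS = {"delete", "anonymize", "pseudonymize", "keep"}

# Constructed sample records (not real data). SubjectId ties records to one person.
RECORDS = [
    {"Object": "Contact", "Id": "003AAA", "SubjectId": "S1", "Email": "ana@example.com",
     "Phone": "+33 1 00 00 00 00", "Country": "FR", "LastPurchase": "2017-11-02"},
    {"Object": "Case", "Id": "500BBB", "SubjectId": "S1", "Email": "ana@example.com",
     "Description": "Ana disputes invoice 4711", "InvoiceRef": "4711"},
    {"Object": "Contact", "Id": "003CCC", "SubjectId": "S2", "Email": "ben@example.com",
     "Phone": "+49 30 000000", "Country": "DE", "LastPurchase": "2018-01-15"},
]

# Constructed policy: what happens to each field when its subject asks to be forgotten.
FIELD_POLICY = {
    "Contact": {"Email": "pseudonymize", "Phone": "delete",
                "Country": "keep", "LastPurchase": "keep"},
    "Case": {"Email": "pseudonymize", "Description": "anonymize", "InvoiceRef": "keep"},
}


def pseudonymize(value, key=PSEUDONYM_KEY):
    """Deterministic keyed token: equal inputs map to equal tokens, nothing else leaks."""
    if value is None:
        return None
    tag = hmac.new(key, str(value).encode("utf-8"), hashlib.sha256).hexdigest()
    return "pseud_" + tag[:16]


def apply_field_policy(record, policy):
    """Return a copy of record with every policy action applied; reject unknown actions."""
    out = dict(record)
    for field, action in policy.items():
        if action not in ACTIONS:
            raise ValueError(f"unknown action {action!r} for field {field!r}")
        if field not in out:
            continue  # field absent on this record
        if action == "delete":
            out[field] = None
        elif action == "anonymize":
            out[field] = "[REDACTED]"
        elif action == "pseudonymize":
            out[field] = pseudonymize(out[field])
        # "keep": untouched
    return out


def erase_subject(records, subject_id, field_policy, record_policy=None):
    """Apply the erasure plan for one data subject.

    record_policy maps an object type to "delete" (drop the whole record) or
    "fields" (apply field_policy[object]); the default is "fields".
    Returns the surviving records and an audit trail of what changed.
    """
    record_policy = record_policy or {}
    remaining, audit = [], []
    for rec in records:
        if rec.get("SubjectId") != subject_id:
            remaining.append(rec)
            continue
        obj = rec["Object"]
        if record_policy.get(obj, "fields") == "delete":
            audit.append(f"{obj}:{rec['Id']} record deleted")
            continue
        new = apply_field_policy(rec, field_policy.get(obj, {}))
        changed = sorted(f for f in rec if rec[f] != new[f])
        audit.append(f"{obj}:{rec['Id']} fields changed: {changed}")
        remaining.append(new)
    return remaining, audit


if __name__ == "__main__":
    kept, log = erase_subject(RECORDS, "S1", FIELD_POLICY)
    for line in log:
        print(line)
    for rec in kept:
        print(rec)
```

The key is what separates the two techniques: with it, every pseudonym can be matched back to its source value by recomputing the HMAC, so the data stays personal data in the hands of whoever holds the key; without it, the tokens are just stable join keys. Keep the key out of the sandbox that receives the pseudonymized copy, and keep the audit trail, since it is what you show a supervisory authority to prove the erasure was carried out.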
You must retain some personal data to meet other legal obligations or to establish, exercise or defend legal claims
GDPR Article 5.1.e, 30.1.f
Set up a custom personal data archiving and retention plan, and restrict access to archived personal data while keeping admin rights for when you need it.
You must define a data lifecycle and retention policy before processing begins
GDPR Article 25.2, 5.1.e
Apply storage limitation automatically with a Hot-Warm-Cold-Forget data tiering strategy, so personal data moves to cheaper, more restricted tiers over time and is forgotten at the end of its retention period.