GDPR & Cookies: How Salesforce can help you to easily comply

GDPR and cookie policy are issues that Salesforce users can solve without complications. This leading CRM platform understands the importance of this legislation and helps its customers to comply with it. Throughout this article, we’ll explain how!

Nuvolar Works

Jan 11, 2022 · 6 min read

GDPR and cookie policy, as well as the treatment of personal data, are issues that Salesforce users can solve without complications. This leading CRM platform understands the importance of this legislation and helps its customers to comply with it. Throughout this article, we’ll explain how to set your marketing tools in accordance with European regulations.

Salesforce is the first global developer of cloud solutions to offer tools to protect users’ data. Specifically, Salesforce CRM uses binding corporate standards for data processors that have been approved by the European authorities.

Moreover, Salesforce worked closely with European legislators, EU data protection authorities, and industry associations during the GDPR drafting and approval processes.

As a result, the company undertook a commitment to full compliance with the General Data Protection Regulation in providing services to its customers.

This obligation extends to ensuring that users of its solutions can continue to use them while also complying with legal requirements.

However, this compliance requires close collaboration between Salesforce and its customers. Below we will see how this solution can help companies that use it to proceed according to legal guidelines.

Salesforce features cover key aspects of GDPR & cookie policies

As previously mentioned, Salesforce is committed to complying with GDPR and cookie policies as a cloud processor. Here are some of the Salesforce features and tools that address the most common GDPR requirements:

1. Rights of users in relation to the processing of their data

In 2018, Salesforce introduced the Individual Object into its applications. This provides an easy way to store the simple consent of prospects. It is possible to enable the Individual Object in the “Company Settings and Data Protection & Privacy” menu.

Here, users can find a check box that allows data protection details to be available in the records. In both standard and custom fields, it is possible to register preferences related to:

  • Storage, use, and permission to share data.
  • Monitoring of geolocation data and web activity.
  • Deletion of logs and linked personal data.

In addition, Salesforce ensures that all of its cloud applications are compliant with GDPR requirements and have standard functionality for:

  • Deleting preferences or activities (right to be forgotten, article 17).
  • Exporting data (right of portability, article 20).
  • Managing consent in general and within its limitations.

Salesforce also allows users to manage overall consent (data restriction, data erasure, data portability, and more).

2. Security & Architecture

Article 24 of the GDPR requires the data controller to implement “appropriate technical and organizational measures in order to ensure and be able to demonstrate that the processing is in compliance…” with the legal instrument in question.

Further on, Article 32.2 indicates that these measures must be appropriate to the level of risk posed by the processing of the information and must protect against unauthorized processing, access, and disclosure, as well as accidental loss, destruction, or alteration.

In this regard, Salesforce has consistent security and privacy programs with the highest standards in the market. The multi-tenant architecture under which Salesforce services operate is designed to classify and restrict access to data based on business needs.

This architecture provides a logical and efficient separation of data from the company’s different customers by means of specific unique identifiers, allowing access privileges via client and user roles.

Likewise, Salesforce implements planned procedures to ensure that data processing is carried out in accordance with the customer’s instructions throughout the entire chain of activities.

3. Safety controls and certifications

Salesforce Services has a set of security policies, controls, and procedures that support data security conditions.

These are described in the platform’s security, privacy, and architecture documentation.

Thanks to this focus on security, Salesforce has been awarded multiple certifications and audit reports.

Legal transfer of data outside the EU, vital to comply with GDPR and cookies policy

Salesforce provides its users with data processing with strong privacy commitments that few cloud providers can match.

These privacy add-ons include data transfer parameters that ensure the transmission of personal data to Salesforce outside the European Union in a fully legal manner, based on binding rules assumed by the organization or standard contractual clauses.

This is in accordance with Chapter V (Articles 44 to 50) of the Regulation in question.

Let’s take a look at how Salesforce performs such data transfers:

4. Binding Corporate Rules

Binding Corporate Rules (BCRs) are company-level data protection policies approved by European data protection authorities. Such measures facilitate transfers of personal data from the European Economic Area (EEA) to third countries.

The BCRs are based on rigorous privacy principles established by the authorities, with whom intensive consultation is essential for their implementation. Salesforce was the first software developer in the world to obtain approval for binding corporate rules for data processors.

5. Standard Contractual Clauses

SCCs are legal contracts between parties transferring personal data from Europe to third countries. The European Commission approved the Standard Contractual Clauses reflecting detailed obligations related to the protection of personal data.

6. Training Program

It is true that Salesforce provides a number of tools in its applications to support GDPR compliance. However, the involvement of the customer and its partners is essential.

Any organization subject to European regulation can take steps to ensure full compliance. Through its Trailhead resources, Salesforce offers an interesting GDPR compliance readiness program for users of the tool.

Nuvolar customizes Salesforce CRM, ensuring compliance with GDPR and cookie policies

Nuvolar is a technology company specialized in Salesforce CRM customization, on whose platform it has years of experience developing applications.

This in-depth knowledge of the leading brand in Customer Relationship Management solutions allows Nuvolar to adapt Salesforce products to the characteristics and needs of any company, regardless of the industry in which it operates. Having a knowledgeable partner is crucial when verifying and enhancing specific functionalities for GDPR compliance.

Nuvolar’s staff of multidisciplinary professionals is specialized in advising on all the details related to such customization and executing it in the agreed time.

Contact us and get to know more about all our services in the development of customized solutions based on Salesforce!


About Nuvolar:

We are a digital innovation consulting company dedicated to one unique purpose: helping businesses adopt world-class software solutions on the cloud so they can succeed!