Salesforce & GDPR: What happens next?

Salesforce & GDPR: What happens next?

“Although you may not think it, GDPR has absolutely nothing to do with marketing and everything to do with the way in which we use data for any purpose.”

Salesforce Architect and Consultant at Methods, Stephan Chandler-Garcia has really made GDPR his business over the last few years. Recognising the crucial importance of the legislation on the way we do business on the platform, he stepped in to fill the initial information vacuum. His concern was that there has always been a lot of misunderstanding around what these changes mean, and whether people had the access they needed to good information.

Setting up the GDPR Superheroes group was the first milestone in his information mission and ever since he’s been a regular speaker on the Salesforce circuit on the topic. Latterly, Stephan has put his expertise to good use by building his own app to address the challenges that Salesforce customers were facing.

Almost two months after the momentous GDPR ‘go live date’ of 25 May 2018, you might imagine that all interest in the topic had gone away. As a consumer, it certainly felt like GDPR peaked with the flurry of opt-in emails we all received at that time, only to disappear overnight again as though it had never been. Not so however – our customers still have questions. That’s why we invited Stephan along to talk at our recent Forcewest breakfast in Cheltenham. The question we had for him was simple….

So that was GDPR, now what?”

The answer, it seems, is that now organisations managed to get through the deadline with a ‘minimal viable GDPR approach’, many are still faced with the issue of actually executing the policies and procedures they put in place.

For example, there must be a purpose for holding someone’s personal data – and purpose can expire over time. Maybe they have downloaded a white paper, but failed to engage with you since then? The fact is that soon you will be obliged to delete this record. Many organisations are still managing this as a manual process e.g. via a monthly report detailing who is currently ripe for review. Of course, this is manageable, but for how long? Not forever, that’s for sure.

Organisations who have ongoing annualised contracts with their customers – potentially support customers or those who have warranties or policies- how are they managing their data? The fact is that the solutions that Salesforce offer out of the box are not adequate.

“People thought the individual object was the solution but in fact it was only the first layer of what they needed.”

Coming back to the earlier point, Salesforce is not a solution in itself. Of course, having all of your customer data in one place e.g. your CRM, is a big head start. Trying to manage data integrity in an organisation that runs off spreadsheets is quite simply a disaster waiting to happen.

However, in terms of keeping your data compliant, Salesforce is not forthcoming.

“Salesforce is a processor it does not want to be a controller. It will give you the tools and the framework, but will not make any of the decisions for you,” explains Stephan.

Case in point is the Individual object. One person’s personal details can exist several times in one Salesforce org, but under different objects. For example, if you have a Community log in then you will have a User record, but you will also quite likely exist in the same CRM as a Contact record. The Individual Object is a way to link the two data objects. However it’s worth noting that you can never delete a User in Salesforce – there is simply too much going on behind the scenes to allow that to happen. The way forward is to obfuscate the personal data, while keeping the record. While the Individual Object makes all of this possible, it doesn’t do the heavy lifting for you. Organisations will still need to determine and configure the business rules they need to make use of this new object – sadly it’s not a case of simply switching it on. 

Watch out for more change to come from Salesforce

There are more changes coming down the line, and if organisations felt GDPR was an upheaval then they are equally going to feel the pain of the ePrivacy regulations coming in next.  What we are seeing is not just a readjustment, with an expectation that pretty soon we will be back to business as usual. This is in effect just the start of a fundamental shift in the way society view their data rights. As a result, we are inevitably going to see a shift in the way that the world’s No.1 CRM tracks individuals’ consent preferences and manages their contact preferences in their system. Watch out, we’ve only just seen the start of the changes to come.

Stephan’s slides from this presentation at our Forcewest breakfast event.


Salesforce GDPR Next Steps
By Amy Grenham
26 July 2018
ForcewestSalesforceThe Good Systems Blog

Share this post

Catt to action

Amet aliquam id diam maecenas ultricies mi eget mauris

Lorem ipsum dolor sit amet, consectetur elit tellus, luctus nec ullamcorper mattis, pulvinar dapibus leo.