What is the GDPR?
The GDPR, or the General Data Protection Regulation, is a comprehensive data protection law in the EU that strengthens the protection of personal data in light of rapid technological developments, increased globalization, and more complex international flows of personal data. It updates and replaces the patchwork of national data protection laws currently in place with a single set of rules, directly enforceable in each EU member state.
What does the GDPR regulate?
The GDPR regulates the “processing” of data for EU individuals, which includes collection, storage, transfer, or use. Any organization that processes personal data of EU individuals is within the scope of the law, regardless of whether the organization has a physical presence in the EU. Importantly, under the GDPR, the concept of “personal data” is very broad and covers any information relating to an identified or identifiable individual (also called a “data subject”).
Does the GDPR require EU personal data to stay in the EU?
No, the GDPR does not require EU personal data to stay in the EU, nor does it place any new restrictions on transfers of personal data outside the EU. The key changes are:
- Expanded data privacy rights for EU individuals
- Data breach notifications
- Added security and accountability requirements for organizations
The GDPR also officially recognizes Binding Corporate Rules as a means for organizations to legalize transfers of personal data outside the EU, and includes a fine of 4% of global revenue for organizations that fail to meet their GDPR compliance obligations. Overall, the GDPR provides a central point of enforcement by requiring companies to work with a lead supervisory authority on cross-border data protection issues.
Salesforce is Committed to Privacy
Salesforce was the first top-ten software company in the world to protect its customers’ data with binding corporate rules for processors approved by European data protection authorities. Salesforce was also one of the first companies in the world to certify compliance with the EU-US Privacy Shield Framework and the Swiss-US Privacy Shield Framework.
Salesforce services have Trust and Compliance documentation published for each major offering. This documentation describes the architecture of each service, the security- and privacy-related audits and certifications the service has received, and the applicable administrative, technical, and physical controls.
Because of these privacy initiatives, Salesforce welcomes the GDPR as an opportunity to deepen its commitment to data protection. As with its existing legal requirements, compliance with the GDPR requires a partnership between Salesforce and its customers in their use of these services. Salesforce services will be delivered to customers in compliance with the GDPR. Salesforce is also dedicated to helping its customers comply with the GDPR, and is working on enhancements to its products, contracts, and documentation to support both Salesforce’s and its customers’ compliance with the GDPR.
Mastech Digital & Salesforce
As a Salesforce Registered Consulting Partner, Mastech Digital, a leading digital transformation services company, is well-attuned to the changing data requirements of global corporations and the international regulations governing that data and its usage. We help our customers build a team, assess the organization to identify every system in which it stores personal data, and create a data inventory. In later phases, we assist customers in establishing controls and processes, and in creating and compiling the documentation needed to become and remain compliant. As a result, the Salesforce practice at Mastech Digital is well-poised to make your organization data-savvy and future-ready.
Salesforce Practice Director