How to Protect your Salesforce Data
By Jennifer Wood
One of the main responsibilities of managing a Salesforce system is keeping your Salesforce data and system secure.
Over the next four weeks we will help you review the risks related to data and system security, unpack the difference between data management and data governance, create a data security strategy, and secure your system and data.
As part of this series download our FREE Salesforce Data and Security Action Plan and access a FREE TRAINING course on Principles of Salesforce SaaS Data Protection with Francis Pindar. This course holistically covers the what, why, and how of Salesforce SaaS data protection with proven best practices and hands-on lab exercises.
This 4 part Data Governance & Management series includes:
- Part 1 – Is your Salesforce Data and System Secure?
- Part 2 – What is Data Governance v Data Management?
- Part 3 – How to Monitor and Manage Data Incidents
- Part 4 – How to Protect Your Salesforce Data
How to Protect your Salesforce Data
In Part 4, we look at how to comply with data protection requirements and how to track changes to the data in your system.
Take the steps to plan your Salesforce data security and to prevent, identify and deal with any incidents that occur. It’s important to have a data and security action plan in place for your system.
As a Salesforce admin, architect, or consultant, securing your Salesforce data is of critical importance to your organisation’s cybersecurity.
Tracking Field History
Out of the box, Salesforce only allows you to track field history on 20 fields per object, so to meet data protection requirements you may need to look at alternative ISV apps such as Processity.
To align with data protection and GDPR regulations, it is essential to track the history of consent fields, ensuring that you maintain records demonstrating compliance. Here are the key consent fields you should track history on and the recommended duration for retaining these records:
Key Consent Fields to Track History on:
- Identity of the Data Subject: name, email, or any other unique identifier of the individual giving consent.
- Date and Time of Consent: the exact timestamp when consent was given or withdrawn.
- Form and Method of Consent: whether consent was given electronically, in writing, or verbally, and the specific mechanism used (e.g., checkbox on a web form).
- Specifics of Consent: details of what exactly the individual consented to, such as specific data processing activities, purposes, and the types of data being collected.
- Version of Consent Text: the exact wording of the consent statement at the time of consent, including any privacy policy or terms referenced.
- Source of Consent: the context or platform where consent was given (e.g., website, mobile app, in-person).
- Withdrawal of Consent: records of when and how consent was withdrawn, if applicable.
Recommended Duration for Retaining Consent Records
Under GDPR, there is no specific duration mandated for retaining consent records. However, you should keep consent records for as long as the data is being processed and as long as necessary to demonstrate compliance with GDPR. Here are some practical guidelines:
- Active Processing: retain consent records for as long as you are processing the data subject’s information based on that consent.
- Post-Processing: after you stop processing the data, retain the consent records for a reasonable period to demonstrate compliance, typically the statute of limitations for any legal claims (commonly 3 to 6 years, depending on the jurisdiction).
- Withdrawal of Consent: if consent is withdrawn, retain the record of the original consent and the withdrawal for a reasonable period, as evidence of your compliance and the actions taken.
Best Practices
- Data Minimisation: only retain consent records that are necessary for demonstrating compliance.
- Regular Reviews: periodically review and securely delete consent records that are no longer needed.
- Security: ensure that consent records are stored securely to prevent unauthorised access and breaches.
- Audit Trails: maintain detailed audit trails to provide a clear history of consent actions.
By diligently tracking and retaining these consent fields, you can ensure compliance with GDPR requirements and be prepared to demonstrate your data protection practices if audited or challenged.
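As an added illustration (not code from the original post or from Processity), the script below rebuilds one data subject's consent timeline from field-history-style rows, checks that the supporting context fields (consent text version and source) were captured, and applies the retention rule above: keep while consent is active, and after withdrawal keep until the limitation period has elapsed. The rows, the custom field API names and the limitation period are constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed rows in the shape of Salesforce *History records (ParentId, Field,
# OldValue, NewValue, CreatedDate). Sample data only; field API names are assumed.
CONSENT_HISTORY = [
    {"ParentId": "003A", "Field": "Marketing_Consent__c", "OldValue": "false",
     "NewValue": "true", "CreatedDate": "2021-03-01T10:00:00+00:00"},
    {"ParentId": "003A", "Field": "Consent_Text_Version__c", "OldValue": None,
     "NewValue": "v2.1", "CreatedDate": "2021-03-01T10:00:00+00:00"},
    {"ParentId": "003A", "Field": "Consent_Source__c", "OldValue": None,
     "NewValue": "web-form", "CreatedDate": "2021-03-01T10:00:00+00:00"},
    {"ParentId": "003A", "Field": "Marketing_Consent__c", "OldValue": "true",
     "NewValue": "false", "CreatedDate": "2022-06-15T09:30:00+00:00"},
    {"ParentId": "003B", "Field": "Marketing_Consent__c", "OldValue": "false",
     "NewValue": "true", "CreatedDate": "2023-01-10T12:00:00+00:00"},
]
CONSENT_FIELD = "Marketing_Consent__c"
# Context that should accompany every consent: wording version and source.
REQUIRED_CONTEXT = ("Consent_Text_Version__c", "Consent_Source__c")


def consent_status(parent_id, limitation_years, today, rows=CONSENT_HISTORY):
    """Rebuild one subject's consent state from field history and apply the
    retention rule: keep while active; after withdrawal keep for the
    limitation period (e.g. 3 or 6 years) and only then allow deletion."""
    granted = withdrawn = None
    seen = set()
    for r in sorted((x for x in rows if x["ParentId"] == parent_id),
                    key=lambda x: x["CreatedDate"]):
        ts = datetime.fromisoformat(r["CreatedDate"])
        seen.add(r["Field"])
        if r["Field"] == CONSENT_FIELD:
            if r["NewValue"] == "true":
                granted, withdrawn = ts, None  # a fresh grant resets any withdrawal
            elif r["NewValue"] == "false" and granted is not None:
                withdrawn = ts
    if granted is None:
        return {"state": "never_consented", "missing": [], "retain_until": None,
                "deletable": False}
    missing = [f for f in REQUIRED_CONTEXT if f not in seen]  # audit-trail gaps
    if withdrawn is None:
        return {"state": "active", "missing": missing, "retain_until": None,
                "deletable": False}
    retain_until = withdrawn + timedelta(days=365 * limitation_years)
    return {"state": "withdrawn", "missing": missing,
            "retain_until": retain_until.date().isoformat(),
            "deletable": datetime.fromisoformat(today) >= retain_until}
```

Subject 003B shows the kind of gap an audit would flag: consent is active but neither the consent text version nor the source was ever recorded.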
Are you prepared to protect and secure your data?
Get prepared with our free download and training, and check out how to protect and secure your data with these three tools:
- Your Data Management Solution
- Your Cloud Back Up Solution
- Your Field History Tracking Solution