
Salesforce & AVG

Here's how to make Salesforce AVG-proof

Monday morning, 9am. Your manager wants to know if Salesforce is already AVG-proof. As an application manager, you naturally want to demonstrate that it is, and this blog post is going to help you do that!

 

Explicit consent

The Spring '18 release of Salesforce introduces the 'Individuals' object. You can link this to leads and contacts, and it also contains some handy checkboxes. For example, you can register whether an individual's data may be shared. You activate this object via Setup. Triggers are also included for modifying existing contacts.

Right of inspection

Help, a customer wants an overview of all the data registered about them! The best way to do this is with an app such as Conga, which aggregates data from different objects into an accessible format. You can additionally use a workflow to automate e-mail sending. Another option is to use Community Cloud, which gives your customer control over the data captured.

Right to be forgotten

This is perhaps the trickiest aspect of the AVG. After all, personal data is at the heart of your CRM system and branches out into a large number of objects. And you obviously don't want reports to be compromised by discarding accounts and contacts. As an alternative, you can think about anonymising or encrypting personal data. There are apps that can support you in this, such as Odaseva or DataPro Tools, used by a g-company customer. By the way, did you know that a deleted contact is still kept in the recycle bin for 15 days? Convenient, but also a potential violation of the law!
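
As an illustration of the anonymising route and the recycle bin point above, here is an added Apex example; it is not code from the original post or from any of the apps mentioned. It assumes the Individuals object is enabled and contacts are linked to it; the class name, the field selection and the 'Anonymised' placeholder are hypothetical choices.

```apex
// Added example, not from the original post. Assumes the Individual object is
// enabled and each Contact is linked to its Individual via IndividualId.
public with sharing class ForgetRequestHandler {

    // Placeholder written into the required LastName field (constructed value).
    private static final String PLACEHOLDER = 'Anonymised';

    // Blanks identifying fields on contacts whose Individual has ShouldForget
    // ticked. The Contact row and its Id stay, so reports keep counting it.
    public static Integer anonymise() {
        List<Contact> targets = [
            SELECT Id
            FROM Contact
            WHERE Individual.ShouldForget = true
              AND LastName != :PLACEHOLDER
            LIMIT 200
        ];
        for (Contact c : targets) {
            c.FirstName = null;
            c.LastName = PLACEHOLDER;   // required field, cannot be null
            c.Email = null;
            c.Phone = null;
            c.MobilePhone = null;
            c.Birthdate = null;
            c.MailingStreet = null;
            c.MailingCity = null;
            c.MailingPostalCode = null;
            c.Description = null;
        }
        update targets;
        return targets.size();
    }

    // Hard-deletes contacts of forgotten individuals that are still sitting
    // in the recycle bin, instead of waiting for the bin to expire.
    public static Integer purgeRecycleBin() {
        List<Contact> deleted = [
            SELECT Id
            FROM Contact
            WHERE IsDeleted = true
              AND Individual.ShouldForget = true
            ALL ROWS
        ];
        if (!deleted.isEmpty()) {
            Database.emptyRecycleBin(deleted);
        }
        return deleted.size();
    }
}
```

If Field History Tracking is enabled on any of these fields, the old values remain in the history records and need separate handling, as do custom fields and related objects that hold personal data.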

Privacy by design

The premise of the AVG is that you treat personal data with care, and enforce that when designing information systems. In that respect, you have made a good choice with Salesforce! With profiles, roles and permission sets, you have rock-solid tools to ensure proper data protection. Setting up the rights as tightly as possible at organisational level is a good start, and you can then add permissions per person or per function. Also pay attention to data minimisation. Only record data that is really necessary for your business operations and implement the retention periods you have agreed internally. Don't forget to document what technical measures you have taken and why.

Now let that manager come with his AVG questions. You are ready for it!

If you still have a question you can't resolve, please feel free to get in touch with g-company for advice.