Is your organization GDPR compliant? Though it has been a little while since this regulation passed, many organizations still struggle to answer this question. If you’re relying on Salesforce technologies in your business, you’re on the right track. However, there’s more to consider if you want to ensure that your organization is completely GDPR compliant. In this post, we’ll tell you what you need to know about Salesforce GDPR compliance and break down what this regulation really means for your business.

What is GDPR?

Salesforce describes GDPR as a regulation that is ushering in a new era for data privacy. The General Data Protection Regulation impacts businesses in the EU and organizations that do business in the EU. This regulation shapes the way that businesses are required to protect and handle information. The goal is to enhance the rights that citizens have over their data in the digital space. While this regulation was passed in the EU, it applies to businesses globally because any organization that does business in the region can be fined if it is not compliant.

What does GDPR regulate? 

GDPR changes the way that organizations process the data of individuals from the EU. That includes using, storing, transferring, or collecting data. All organizations that process this kind of data are responsible for following the law. This regulation is far-reaching, and it covers any data that’s related to an identifiable individual.

You may be thinking: that’s a lot of data. If that’s crossing your mind, rest assured that you aren’t the only one. However, these regulations don’t have to disrupt your entire business. A little bit of reflection (pun intended) and a few reasonable changes can help.

Still not convinced? The truth is that the road to full compliance starts with just a few steps. We know that understanding these regulations can be daunting, so in the next few sections, you’ll find insight on the changes you can make to the way your organization handles data. Ready? Here are some of the things you’ll want to cover first when you assess your business and Salesforce GDPR compliance.

Your business + data privacy

How is your business currently using data? Is it secure? Are you only collecting data that you truly need? Think about these questions and start with how you’re currently processing data before you go into any other concerns with GDPR. Keeping your data secure and clean is one of the most important things that you can do to maintain GDPR compliance.

Looking at third-party applications 

The majority of Salesforce users are using the AppExchange to purchase tools from independent software vendors. This marketplace is great for businesses because it allows them to find and install tools that make using Salesforce even better. However, there are some concerns that you should take note of if your business uses tools from independent software vendors. When you install these tools, you’re also sharing your data and your users’ data with these vendors. That means that you could unknowingly be violating the GDPR if that vendor isn’t up to date on Salesforce GDPR compliance.

To protect yourself, you need to understand how these applications process data, and you need to document it. This can be time-consuming, but you don’t want all of the effort and resources you put into becoming GDPR compliant to be undone by the use of a third-party application. Many independent software vendors are now up front about GDPR and how they’re compliant, but it’s worth double-checking any tools where that isn’t so clear.

If you’ve been following our content to learn more about Reflection Enterprise, you may know that you can find our application on the AppExchange, and you might wonder: is Reflection Enterprise GDPR compliant?

Yes. We know that being GDPR compliant is critical. Riptide Software has been providing advanced protection for the Department of Defense for over 25 years and security is at the core of what we do. We provide all of our customers complete access to their data. We never see it or manipulate it in any way. Whether your needs are for a hosted solution by us, or completely on-premise – you’re always in complete control.

Understanding Data Subject Rights

Another thing you need to understand is users’ rights to their data under GDPR. These are some of the rights users are entitled to that you should have your eye on.


Users have the right to access data that a data controller collects. Data controllers have 30 days to respond to these requests.


Users can request that data controllers correct any false information that they gather.


Users have the right to request the deletion of their data. 


Users can request to extract their data. Data collectors must be able to provide this in a machine-readable format.

When you boil this down to its core, individuals’ rights under GDPR aren’t that complicated. You may already have the systems in place to be compliant with these regulations. It’s important to understand what’s expected of your organization under GDPR and then document the processes that you have in place for maintaining compliance and responding to requests.

GDPR and data backup

The bottom line is that GDPR may seem to add levels of complexity to your business, but you don’t have to let these regulations leave you in the dark. If you’re using Salesforce, your organization will already have some systems in place to help you achieve compliance. The even better news is that you don’t have to sacrifice third-party tools that can make your business better to stay compliant.

Looking for a Salesforce backup solution? We’re here to help. Our solution, Reflection Enterprise, is a next-generation Salesforce data backup and recovery solution that lets you execute on-premise or cloud backup, replication, restoration, and integration of Salesforce data all in one platform. You can start a free trial today or schedule a demo with our team by clicking here.
