driving Salesforce GDPR compliance and data classification thumbnail

How you can drive GDPR Compliance

Although the EU General Data Protection Regulation (GDPR) has been around since 2018, it has taken a while for many companies to understand the impacts of the policies, and to prepare their orgs to better handle requirements in order to fall into proper compliance. It was easy for many people to dismiss this requirement as being limited to only the EU, however, that is a fallacy that can be extremely costly. In this day and age of technology, and the bright side of e-commerce, you can have customers from virtually anywhere. And, if your customer is from the EU, they are protected by GDPR. This means it’s up to you to implement a policy and protect your customer data and privacy, as well as provide evidence (if requested) of how you will handle requests to encrypt their data or rid your Salesforce environment of their information.

That’s a tall order. As daunting as all of this sounds, there are things you can do as an Admin to get the ball rolling in the right direction, or enhance what you already have in place by taking advantage of what Salesforce is offering in the way of tools.

Data Classification Settings: How to Use Them

In an effort to help you prepare your org for Compliance restrictions such as GDPR (amongst others), there is now an option on fields to specify both Data Sensitivity and Compliance Categorization.

field information in Salesforce screenshot

Data Sensitivity Level default values: Public, Internal, Confidential, Restriction, MissionCritical

Compliance Categorization default values: PII, HIPAA, GDPR, PCI, COPPA, CCPA

As you can see, “GDPR” is an option for the Compliance Categorization field. You can add other picklist values as you see necessary.

You can utilize these values by making a list of fields that would be considered sensitive regarding GDPR, and updating that data on each field. For Data Sensitivity values, you can take advantage of the Data Classification Upload in order to have a better organized approach.

How to use Data Classification Upload for Data Sensitivity Level

In order to do an upload, make sure each field that you wish to update is listed in a .csv file with the object name, field name and data sensitivity level. For example:


Once you have that saved in a .csv, you can then upload the file to make the changes en masse, without having to make changes to each individual field on each separate object. To make edits on the Data Sensitivity and Compliance Categorization fields, search for “Data Classification Settings”, and follow the links for each one.

data classification settings view in Salesforce

What you can do to Learn More

Salesforce is great about helping people help themselves. While they could have just thrown a few press releases out and said, “Good Luck!”, that’s not really their style. Salesforce has created four Trailhead courses that they recommend for you to make sure you’re comfortable with understanding and preparing your org for what GDPR Compliance entails. Let’s take a quick look at each of these parts now.

  • Security BasicsThis module is great whether you’re preparing yourself for GDPR Compliance or not. It reviews Security risk in general, and more importantly, how to prepare your users to take it seriously. It also takes you into a hands-on challenge on performing a health check in a dev org. The best part is, in about an hour, you can be a little wiser on taking steps to protect your company.
  • European Union Privacy Law BasicsLuckily, you don’t need a law degree for this one! This module takes you into the very basics, so you’re familiar enough to understand why these rules are so important. It also walks you through how to implement a GDPR Compliance program, so you’re not left trying to figure this out on your own.
  • Develop Secure Web AppsIntended for Developers (or really advanced Admins), this trail goes into a lot of depth about how to create really secure apps that you or users will be utilizing in your Salesforce org or Communities. It shows you how to identify vulnerable points in your apps, and ways to correct it. This is a must do for anyone that is hands-on with creating those pieces for your org – even contractors.
  • Security SpecialistThis Superbadge is an awesome way to apply practical knowledge to “real life” situations. It does contain three pre-requisite badges, but this is something that you can easily work through in a week or less (or, if you’re really going for it, a work day!). This is also a great review for User Authentication and User Permissions, as well.

If you have not had conversations with your company regarding GDPR Compliance, you cannot afford to wait any longer. And, if you need some assistance, we’re here to help! Contact us for ways you should approach GDPR Compliance in your company, today.

Resources & Further Reading:

Classify Sensitive Data to Support Data Management Policies

General Data Protection Regulation (GDPR) FAQ

GDPR and the Salesforce Services


Leslie Roberts