How do I create a retention policy?
Retention policies are created as Salesforce records in a custom object. Each specifies the target object, retention period, jurisdiction (GDPR, CCPA, HIPAA, etc.), and deletion method (hard delete, anonymize, or archive). Policies are metadata-driven requiring no Apex code.
Can I have different retention periods for the same object in different countries?
Yes. Create separate policies per jurisdiction on the same object. Example: EU Contacts→3 years (GDPR), US→7 years (SOX), Healthcare→6 years (HIPAA). The system evaluates records against applicable policies using configurable jurisdiction fields.
What triggers a record's retention clock?
The retention clock is configurable per policy. Common triggers include record creation date, last activity date, contract end date, or custom date fields. For customer records, last activity date is often appropriate since retention runs from final interaction.
Can I set different retention periods for different record types on the same object?
Yes. Policies can filter by RecordTypeId, Owner, or Boolean/picklist fields. Create separate policies like "Customer Contact" (7 years) and "Marketing Lead" (2 years) on the Contact object. Records matching multiple policies take the longer retention period for safety.
What deletion methods does Data Retention Manager support?
Three methods: (1) Hard delete permanently removes the record; (2) Anonymize replaces personal data with placeholders while preserving the record; (3) Archive moves data to a custom archive object before deletion, creating compliance documentation.
How often does Data Retention Manager run deletion cycles?
Deletion cycles run on configurable schedules: daily, weekly, or monthly. Most organizations run daily cycles with small batch sizes or weekly full runs during off-peak windows. Configuration requires no Apex scheduling.
Can I pause retention enforcement for specific records?
Yes, through litigation holds. Flag individual records or groups as "under litigation hold" using a dedicated checkbox field. The system skips held records during deletion cycles regardless of expiry. Holds track hold date, holder, and reason for audit purposes.
What happens to child records when a parent is deleted?
The system evaluates cascade deletion based on configured deletion order. Master-detail child records delete automatically with the parent. Lookup relationship children require explicit policy configuration for inclusion in deletion sequences.
How does Data Retention Manager enforce GDPR Article 5 data minimization?
GDPR Article 5(e) requires personal data kept only "as long as necessary." The system operationalizes this through purpose-based retention periods (e.g., "marketing communications: 2 years from last consent"), automatically deleting records when purposes expire. Deletion logs serve as GDPR documentation.
What retention period should we use for FINRA compliance?
FINRA Rule 4511 requires 6-year minimum retention for broker-dealer records. Configure a policy with 72-month retention tied to record creation date. Apply litigation hold exceptions for records under active examination.
How do we handle HIPAA's 6-year retention requirement in Salesforce?
HIPAA §164.530(j) requires 6-year policy retention. For Health Cloud deployments, configure retention policies by patient record type and service date. The system supports Health Cloud objects natively (EpisodeOfCare, HealthCondition, PHI objects), providing deletion logs for OCR audit documentation.
Can Data Retention Manager help with SOX 7-year retention?
Yes. Configure retention policies for financial record objects (Opportunities, Contracts, revenue-related custom objects) with 7-year (84-month) retention tied to transaction close date. Documentation helps satisfy SOX Section 802 record-keeping obligations for publicly traded companies.
How does Switzerland's FADP retention requirement apply to Salesforce data?
Switzerland's Federal Act on Data Protection (FADP, effective September 2023) follows GDPR principles including data minimization. Configure separate FADP policies alongside EU GDPR policies using jurisdiction fields (e.g., BillingCountry='CH') to apply Swiss-specific retention periods for cross-border groups.
Does Data Retention Manager handle retention for archived records?
Yes. The Archive deletion method creates a record copy in a custom archive object before deletion, storing original record ID, deletion date, triggering policy, and configured data fields. This archive is itself subject to separate retention policy configuration.
How do we document retention compliance for regulators?
The system creates deletion log records in Salesforce for every deletion action, including triggering policy, deleted record, timestamp, and included fields. Export logs as Salesforce reports for GDPR DPA requests, ICO audits, HIPAA OCR investigations, or FINRA examinations. Logs are automatically maintained.
Can we exclude specific fields from deletion while deleting others?
Yes, through partial anonymization. Configure policies to null-out or replace specific fields while preserving others. Example: anonymize name, email, and phone on a Contact while preserving account relationship and transaction history for analytics, satisfying GDPR's right to erasure while maintaining business records.
What is the maximum number of retention policies we can configure?
There is no hard limit on policies. Each is a Salesforce record, so create as many as needed. Global enterprises with 35+ jurisdictions might have 100+ active policies. Performance remains unaffected by policy count since the evaluation engine processes policies in batches.
How do I test a retention policy before running it in production?
Data Retention Manager includes dry-run mode. Run a policy in dry-run to preview which records would be deleted without actually deleting anything. The report shows record count, sample IDs, and triggering policy rules. Review output before enabling live deletion. Dry-run testing is recommended for all new policies.
What happens if a deletion cycle fails mid-run?
Deletion runs are batch-based. If a batch fails, completed batches remain preserved and only the failed batch requires retry. The system logs failures with specific records and error details. Common causes include locked records, active validation rules, or governor limit breaches. Resolve issues and re-run.
Can we restore deleted records?
Records deleted by the system go to Salesforce's Recycle Bin (if standard delete is used) and can restore within 15 days. Hard-deleted records bypass the Recycle Bin and are not recoverable. For regulatory compliance, configure Anonymize or Archive methods instead of hard delete if recovery is possible.
How does Data Retention Manager interact with Salesforce data archiving tools?
Data Retention Manager complements archiving tools. Configure a two-stage process: (1) Archive policy moves aging records to archiving solutions (Big Objects, external archive) after Year 1; (2) Deletion policy permanently removes them after full retention period. This reduces active storage costs while maintaining compliance.
How do we configure retention policies for custom objects with complex relationships?
Map object relationships in the dependency configuration. Specify parent-child relationships and deletion order (children before parents for master-detail, or independent for lookups). For complex schemas, Cloud Compliance's Customer Success team can review org schemas and recommend optimal policy structures.
Can Data Retention Manager run on a specific subset of records for testing?
Yes. Use filter conditions on policies to limit scope (e.g., CreatedDate<2020-01-01 and Owner='Test_User'). This validates deletion behavior on controlled subsets before enabling full policies. Remove filter conditions to apply policies to all qualifying records.
How do we handle retention for records that have active opportunities or contracts?
Configure exception logic in retention policies: skip deletion if contacts have open Opportunities (StageName!='Closed Lost' and !='Closed Won') or active Contracts (Status='Active'). The system evaluates these conditions before each deletion, automatically preserving records with active business relationships.
What storage reduction should we expect from Data Retention Manager?
Typical enterprise Salesforce orgs see 30-50% storage reduction within first 12 months of automated enforcement. Dun & Bradstreet research shows 70% of CRM data is obsolete, rarely manually cleaned. Specific savings depend on org age, data accumulation rate, and configured retention periods. Run dry-run reports on oldest records to estimate.