Salesforce solutions for CCPA implementation

Key Considerations

Discover Personal Data

CCPA Governance
Data Inventory and Classification

Automate Data Privacy Rights

1798.130, 1798.120 (a), 1798.135 (a)
Data Access requests, ‘Do not sell’,
Self-serve Privacy center

Manage Consent

Manage Opt-in/Outs,
Consent and Communication Preferences

Minimize Personal Data

CCPA Governance
Data Retention - Automated anonymize
and delete

Mask Sandbox Data

CCPA Governance
Pseudonymize or Anonymize Personal Data
to prevent Sandbox induced Data Breach

Manage Policies & Notices

Data Processing Notices,
‘Do not sell’ link

Antonina R., EF Education First

A great solution for data privacy management.

I used the CC solution for data privacy management at one of [our projects]. What I especially liked is that where possible it utilizes standard Salesforce objects designed for data compliance management, such as Individual. At the same time it is very flexible and allows international and global companies accommodate different requirements based on country, region, language and other criteria. [...] Once the main setup is completed, it's easy to train the Compliance/Legal and other teams to do certain changes themselves.

Natalia K., Contour design Nordic

Excellent customer experience and great product.

I strongly recommend Cloud Compliance to anyone who needs a comprehensive framework to manage and maintain GDPR related documents & information as well as to those who are in need of a simple and professional tool to exercise data subject rights and to handle retention policy deadlines in Salesforce.

Lucia T., Vera Solutions

Excellent customer experience and great product.

We worked with Cloud Compliance to install and configure their GDPR app for one of our clients. Their team was very helpful and responsive throughout the implementation process.

Andrew M., Clear Choice

Solid CCPA Solution.

[The Cloud Compliance team] made integration very simple. We were looking for a one-touch de-identification/portability utility, and [Cloud Compliance] delivered. I would recommend this product for anyone looking for a quick/easy solution to the CCPA changes.

Sachin K., Slalom

An Excellent tool for CCPA.

This tool helped us become CCPA compliant for salesforce, very easy to setup. [Cloud Compliance] also helped us by providing APIs so we could automate this process.

Rahul G., Entrust

Comprehensive GDPR Solution

I liked that this solution is comprehensive. Allows to create a Data inventory, manages consent and implement Subject access request for Data portability and RTBF. Glad that they have the capability exposed as API and invocable. Invocable comes really handy to implement custom processes. Overall a great solution.

Discover Personal Data

CCPA Governance
Data Inventory and Classification

Track and inventorize Personal Data across your enterprise. Document data collection and movement both for internal and to 3rd parties.

Assess your organization's posture for CCPA compliance, identify gaps, and mitigate risks. Use our pre-built templates or create custom assessments for your unique requirements.

dpia gdpr, Salesforce personal data inventory, personal data inventory, DPIA, Data Protection Impact Assessments
GDPR right to be forgotten, right to be forgotten, data Protection request, Salesforce right to be forgotten, data protection right to be forgotten, GDPR request to be forgotten, Salesforce GDPR implementation, Salesforce GDPR, Salesforce Data protection, Salesforce GDPR compliance, GDPR compliance Salesforce, GDPR in Salesforce

Automate Privacy Rights

1798.130, 1798.120 (a), 1798.135 (a)
Data Access requests, ‘Do not sell’, Self-serve Privacy center

Enable branded self-service request portal for common Subject Access Requests (SAR) for seamless customer care.

Simplify the logging of SARs, verification process, generation and delivery. Support multiple regulatory requirements such as offering different Portability documents for GDPR vs CCPA.

consent management in Salesforce, consent management Salesforce, Salesforce consent management
Salesforce data minimization , Salesforce data retention, data retention in Salesforce

Minimize Personal Data

CCPA Governance
Data Retention - Automated anonymize and delete

CCPA does not mandate Data retention, but it is the best defence to limit breach exposure

Manage Policy and Notices

Data Processing Notices, ‘Do not sell’ link

Manage and update policies in Salesforce for multiple regulations, countries and languages.

Enable localized consent banners with a description of a consumer’s rights and a clear and conspicuous Do Not Sell link. Disclose privacy notices across websites, mobile apps and others. Securely collect audit-ready proof of acceptance during customer onboarding and other business processes.

Salesforce Policy Management, Policy & Notice Management, Policy Management
Salesforce Sandbox Data Masking, Data Masking Salesforce Sandbox, Data Privacy in Salesforce, Sandbox Data Privacy for Salesforce

Mask Sandbox Data

CCPA Governance
Pseudonymize or Anonymize Personal Data to prevent Sandbox induced Data Breach

Protect your organization by masking or erasing sensitive data in your sandboxes.

Automate common tasks and sandbox readiness to ensure data hygeine and business usability of data while staying compliant to CCPA security measures for data processing.

Why compliance matters


Your customer's privacy is more than a compliance initiative. Privacy is a basic human right that your organizational ethos should align with.


Building trust in a digital world is difficult enough. Erosion of trust due to unsavory privacy incidents can permanently damage your business.


Privacy violations are magnified disproportionately in social media. Bad publicity impacts your company's leadership, stock price and financials.


Many organizations have been penalized for their privacy oversights. Regulatory authorities are scaling up faster than the time you may need to design compliance policies.


The California Privacy Rights Act (CPRA) is a state-wide data privacy bill passed into legislation in 2020 – with the goal of safeguarding and protecting the personal data privacy of residents of California. CPRA is the result of a ballot initiative supported by a data privacy advocacy group called Californians for Consumer Privacy. CPRA adds more elements to CCPA to make it more comprehensive and far-reaching. CPRA will come into effect from January 1st, 2023.
CPRA applies to your organization if it – 1. Generates 25 Million dollars in gross revenue. 2. Has more than 100,000 consumers in California. 3. Derives more than 50% of the revenue from the sharing of personal data. If your organization meets the above three criteria, then CPRA would apply irrespective of where your organization is physically located or registered. CPRA does not apply to Non-Profits

No. Non-profits are exempt from CPRA enforcement.

CRM systems such as your Salesforce Org may contain personal data of your prospects, customers, employees, and partners. 

To ensure CPRA compliance, you can standardize, automate and enforce CPRA-specific requirements with Cloud Compliance’s Apps that are available from AppExchange.

Some common use cases where Salesforce customers use our Apps include:

Orchestrate processing of RTBF & portability DSARs across all Salesforce Orgs (Prod. link)

GDPR is the framework legislation of Europe while CCPA & CPRA are the framework legislations of California.

The essence of both these laws is the same – to protect the data privacy of their respective constituents. GDPR applies to EU residents while CPRA/CCPA applies to Californian residents.

They do differ in terms of their requirements also. Please refer to this short video for additional information.