The General Data Protection Regulation (GDPR) is the European privacy and security law with the goal of safeguarding and protecting the personal data privacy of EU residents. It was approved by the European Union (EU) and put into effect on May 25th, 2018. GDPR imposes Data privacy & security obligations on Organizations that process the personal data of EU residents. The GDPR has cross-border enforcement with harsh penalties that can reach up to 4% of a company’s annual revenues. Companies that have failed to comply with the GDPR have paid fines of millions of euros.

Does GDPR apply to my organization?

If your Organization collects data related to people in the EU, then you will be required to comply with GDPR, irrespective of where your organization is physically located or registered.

Does GDPR apply to Non-profits?

Yes.GDPR applies to For-profit & Non-profits entities

How can I make sure that my Salesforce is GDPR compliant?

CRM systems such as your Salesforce Org may contain personal data of your prospects, customers, employees, and partners. To ensure GDPR compliance, you can standardize, automate and enforce GDPR-specific requirements with Cloud Compliance’s Apps that are available from AppExchange. Some common use cases where Salesforce customers use our Apps include: Generate a personal data inventory and conduct Data Protection Impact Assessments (DPIA) (Use our Personal Data Discovery) Automate Data Portability, Right To Be Forgotten (RTBF), and other Subject Access Requests (SAR) (Use our Privacy Rights Automation) Mask Sandbox Data to Enforce Data Security (Use our Sandbox DataMasker) Drive transparency and audit-readiness in your privacy disclosures (Use our policy & Notice Management) Solve consent fragmentation with an enterprise-wide consent and communication preference repository in your Salesforce org (Use our Consent Management) Orchestrate processing of RTBF & portability DSARs across all Salesforce Orgs (Prod. link)

What’s the difference between GDPR and CPRA/CCPA?

GDPR is the framework legislation of Europe while CCPA & CPRA are the framework legislations of California. The essence of both these laws is the same - to protect the data privacy of their respective constituents. GDPR applies to EU residents while CPRA/CCPA applies to Californian residents. They do differ in terms of their requirements also. Please refer to this short video for additional information.