As companies increasingly use data intelligence to understand and serve customers better, it's critical that they are accountable to individuals' rights to privacy and security. As the #1 CRM platform, Salesforce provides companies with transparency and control of their customer data to accelerate compliance with regulations like the General Data Protection Regulation (GDPR) while harnessing the power of that data to connect with customers in new ways.
 
 
On May 25, 2018, a new landmark privacy law called the General Data Protection Regulation (GDPR) takes effect in the European Union (EU). The GDPR expands the privacy rights of EU individuals and places new obligations on all organisations that market, track, or handle EU personal data. How will this affect your company?
 
 
The GDPR is a new comprehensive data protection law (in effect May 25, 2018) in the EU that strengthens the protection of personal data in light of rapid technological developments, increased globalisation, and more complex international flows of personal data. It updates and replaces the patchwork of national data protection laws currently in place with a single set of rules, directly enforceable in each EU member state.
The GDPR regulates the “processing” of data for EU individuals, which includes collection, storage, transfer, or use. Any organisation that processes personal data of EU individuals is within the scope of the law, regardless of whether the organisation has a physical presence in the EU. Importantly, under the GDPR, the concept of “personal data” is very broad and covers any information relating to an identified or identifiable individual (also called a “data subject”).
 
The key changes are the following: expanded data privacy rights for EU individuals, data breach notification and added security requirements for organisations, and customer profiling and monitoring requirements. The GDPR also includes Binding Corporate Rules for organisations to legalise transfers of personal data outside the EU, and a 4% global revenue fine for organisations that fail to adhere to the GDPR compliance obligations. Overall, the GDPR provides a central point of enforcement by requiring companies to work with a lead supervisory authority for cross-border data protection issues.
No, the GDPR does not require EU personal data to stay in the EU, nor does it place any new restrictions on transfers of personal data outside the EU. Salesforce’s data processing addendum, which references our Binding Corporate Rules, Privacy Shield certification, and the European Commission’s model clauses, will continue to help our customers legalise transfers of EU personal data outside of the EU. See our FAQ on our data processing addendum for more information.
 
 
Is your organisation struggling with where to start or how to accelerate your GDPR readiness? PwC shares four key steps that will get your teams moving in the right direction and will help remove roadblocks.
 
 

“We are committed to our customers' success, including compliance with the GDPR.”

PRESIDENT, LEGAL AND GENERAL COUNSEL, AMY WEAVER
 
 
Take our “EU Privacy Law Basics” Trailhead module. Our module is a free, guided learning path that helps you cover the most ground in the shortest amount of time about GDPR. Consider it your personal game plan for exploring what GDPR is. Additional information about the GDPR is available on the official GDPR website of the EU.