The Right to Be Forgotten is managed primarily through Marketing Cloud’s contact delete framework. Marketing Cloud developed a robust data deletion framework that currently has the capability to delete individuals' personal data following a data subject request. Contact deletion can be initiated for many Marketing Cloud products either through the Contact Builder User Interface, or through the contact delete framework API. More information on the Marketing Cloud approach to the deletion of individual data across all products and channels is in the Learn More link below.
Salesforce DMP, a product offering within Marketing Cloud, also provides functionality supporting customers’ Right to Be Forgotten. Salesforce DMP customers can request data deletion in multiple ways, including via API and the Salesforce DMP user interface. After the termination of services, account data is automatically deleted
Salesforce DMP supports several methods for receiving portability requests, whereby the portability files are delivered to customer on behalf of the requesting individual in a machine-readable format using the existing data-feed transfer process. This can be managed using API or directly within the User Interface.
Salesforce DMP provides multiple methods for you to manage and record the consent obtained from your customer. Based on consent signals that you provide, DMP functionality only operates against a consented set of users. This can be managed using API or directly within the user interface.
Salesforce DMP admins have the ability to stop processing data for a given user, meaning that data will not be used in any analytical jobs that run in the product until the restriction is lifted. This can be managed using API or directly within the user interface.
“We are committed to our customers’ success, including compliance with the GDPR.”
- Obtain executive support for necessary staff resources and financial investments
- Choose someone to lead the effort in becoming GDPR-compliant
- Build a steering committee of key functional leaders
- Identify privacy champions throughout the organization
- Identify all the systems where the organization stores personal data, and create a data inventory
- Create a register of data processing activities and carry out a privacy impact assessment for each high-risk activity
- Document compliance
- Implement controls to limit the organization’s use of data to the purposes for which it collected the data
- Establish mechanisms to manage data subject consent preferences
- Implement appropriate administrative, physical, and technological security measures and processes to detect and respond to security breaches
- Establish procedures for responding to data subject requests for access, rectification, objection, restriction, portability, and deletion (right to be forgotten)
- Enter into contracts with affiliates and vendors that collect or receive personal data
- Establish a privacy impact assessments process
- Administer employee and vendor privacy and security awareness training
- If required, appoint a data protection officer and identify the appropriate EU supervisory authority
- Conduct periodic risk assessments