Salesforce Admins Podcast

Today on the Salesforce Admins Podcast we’re joined by Sovan Bin, the founder and CEO of Odaseva, an AppExchange partner that helps companies large and small get ready for GDPR. He also happens to have over 12 years of experience in the Salesforce ecosystem, so we sit down to talk about what you can do to be ready for the new regulations.

Join us as we talk about GDPR, the nitty gritty of the Right to Be Forgotten, personal consent, retention, and why you need to look at all aspects of your data to prepare for the regulations.

You should subscribe for the full episode, but here are a few takeaways from our conversation with Sovan Bin.

The many use-cases of GDPR compliance.

Sovan has a lot of experience working in the Salesforce ecosystem. He started as an Admin, and then was certified as a Technical Architect with a specialty in data. “GDPR is all about data,” Sovan says, “data, security, governance, and compliance improvements.”

Sovan founded Odaseva in 2012 as a data platform, and they work to streamline the GDPR preparation process, “we handle backup, archiving, and GDPR accelerators.” They have 8 use-cases for GDPR, some regarding security and some regarding data management. Sovan works with a number of customers to prepare for the regulations, and that insight can be super valuable for us Admins sitting at home listening.

Odaseva worked with Pathé Gaumont, the number one movie theater company in Europe, to deal with multiple use-cases regarding GDPR. Specifically, they focused on data retention. “When you have consent to collect the personal data of individuals, you have to delete that data after two years.” They also worked with Toyota to implement the Right to Be Forgotten. “If someone calls your company and asks you to remove their data from your systems, you have thirty days to comply and remove it from Salesforce and other systems,” Sovan says.

Implementing changes for the Right to Be Forgotten.

When it comes to actually dealing with implementing the changes you need to make to be GDPR compliant, Sovan and Odaseva mostly work through customized Apps on the AppExchange. “If we talk more about the Right to Be Forgotten, sometimes we think we just need to click on the ‘delete’ button to comply with a request or use a data loader to do that,” he says but as the Admin in charge of GDPR compliance for your company you know that deleting something is a bit more complicated than that, and you don’t necessarily want to lose business information while you’re trying to scrub the personal information.

“Right to Be Forgotten is not always about deletion, it’s about three strategies,” Sovan says, “number one, make sure that you delete real personal data in records or objects where it’s very difficult to predict what kind of information is there.” Some examples would be things like attachments or case comments. “Number two, make sure you don’t touch business data because it belongs to your company,” Sovan says, so things like aggregated revenue with a roll-up summary field on the contact object or opportunities should remain because your dashboards and reports would be affected by that. “Number three,” Sovan says, “is to anonymize the data by changing things like their name and birthdate so the data remains largely unchanged but it’s not easy to come back to the person.”

Sounds like a lot of work, and Odaseva’s main mission is to streamline and automate that process. “They have one button on the contact object that executes this three-layer strategy,” Sovan says, but it’s customized based on what a particular company’s data and org looks like.

Other compliance speed bumps.

Another problem with GDPR compliance comes when you’re dealing with a development environment. Even in a perfect security environment, where accessing all of the data is very restricted and secure, it’s often times the case where a sandbox will have a perfect copy of the data from productions but be much easier to view. “One of the use-cases of GDPR that is quite a quick win to implement is to anonymize the personal data inside the full sandbox,” Sovan says.

“Consider that personal data, from the GDPR philosophy, is the most critical asset that you have to protect with all of your knowledge,” Sovan says, “you have to make sure that you don’t use it, that it’s not being stolen, and you have to be able to delete it on-demand.” So backup is very important for compliance and you have to have plans in place to be able to recover lost data.

Trailhead

Salesforce GDPR Resources - https://www.salesforce.com/gdpr/overview/

More on Odaseva

Twitter:

We want to remind you that if you love what you hear, or even if you don’t head on over to iTunes and give us a review. It’s super easy to do, and it really helps more Admins find the podcast. Plus, we would really appreciate it.

Love our podcasts?

Subscribe today or review us on iTunes!

Direct download: Interview__How_Companies_are_Preparing_for_GDPR_with_Sovan_Bin.mp3
Category:general -- posted at: 9:35am PDT