Salesforce broke GDPR down into four core categories: data portability, restriction of processing, consent management and data deletion, also known as the right to be forgotten.
“We went across all of our different products and services cloud-by-cloud in each of those areas to make sure that we are compliant as a data processor, but also looking at it from our customers' perspective, to ensure that our customers could comply with those principles in using our services," said Lindsey Finch, Salesforce's first data protection officer.
The cloud computing giant launched a GDPR website, with guidance, training modules, and other resources to help customers comply with the implications of GDPR on each Salesforce service. Among them is a Data Processing Addendum that customers can fill out, sign and return to ensure that they continue to transfer data to Salesforce without interruption, Help Documentation on fulfilling data subject access requests, and guidance on Data Protection Impact Assessment (DPIA) issues.
Salesforce has also launched a feature called Individual Object to consolidate privacy preferences across numerous Salesforce records and rearchitected the Salesforce DMP (Data Management Platform) to help customers track and record the consents they've received.