GDPR and SaaS FAQs
Find answers to questions concerning OWN from Salesforce related to GDPR and SaaS.
As a Data Controller, what should I ask my SaaS backup Data Processors before GDPR enforcement begins May 25th?
When third parties process data on your behalf, you’re obligated to make sure they have sufficient guarantees and technical measures in place to protect the rights of the Data Subject. Consider these areas when engaging third parties:
- How are your vendors meeting the necessary standards for data security and privacy? This includes both contractual and regulatory obligations.
- Are your vendors able to demonstrate robust privacy, data protection, and other security practices around their network and infrastructure?
- How are your vendors able to support a culture of privacy by design?
- How do your vendors help you manage your obligations as a Data Controller?
Should US and Non-European companies be concerned about GDPR?
Yes! If you’re capturing and storing personal data of European Data Subjects, you must pay attention to GDPR. Whether that data is stored in the EU or not, your company will be held liable under the GDPR requirements. In other words, if you offer goods and services to, market to, or process the personal data of citizens of EU member states, capturing EU Data Subject personal information, you’ll be impacted by this regulation.
How do I find and access Data Subjects’ information that resides in my data backups?
As Data Controllers, you’re responsible for maintaining an inventory of personal data, including the data in your archives. This can be one of the more difficult obligations of a Data Controller, particularly because you must not only furnish your Data Subject(s) with details of how their data is handled, shared, and used, but also provide notification without undue delay. Data Controllers using Own will be able to perform global personal data searches across their archives, identifying the region and attachments in which the Personal Data resides. This will be available on-demand and within minutes.
As a Data Controller, how long must I keep backups?
When determining your retention period, account for what category of data you have captured, your legal right to maintain it, and any regulations that impact the retention of this data. As a Data Controller, based on your business’ risk tolerance, privacy impact assessment, and compliance obligation(s), you can decide whether it’s appropriate to retain data, for example, for 6 months or for 6 years. Own supports custom retention policies to match the retention period you need without compromising your ability to meet your regulatory data retention strategies.
As the regulatory body that will enforce GDPR, how has the Information Commissioner's Office (ICO) defined "privacy by design"?
“Privacy by design” requires that privacy and data protection controls are the common thread woven into each aspect of your technology stack, from code development, to product features, to the risks of how you process and retain data. How well these factors tie together determines your compliance with the rights and freedoms afforded to EU individuals under GDPR.