You are here:
Einstein for Nonprofits Data Deletion
Consider these factors when deleting data in Einstein for Nonprofits to stay compliant with data protention and privacy regulations such as GDPR.
- Data Deletion for Your Product
Learn about data deletion for Einstein for Nonprofits. Under various data protection and privacy regulations, you may be required to delete personal data of a constituent, such as in response to a GDPR right of erasure request. The following are examples of common requests, considerations, and related procedures to help you determine an action plan for complying with data erasure situations.
Data Deletion for Your Product
Learn about data deletion for Einstein for Nonprofits. Under various data protection and privacy regulations, you may be required to delete personal data of a constituent, such as in response to a GDPR right of erasure request. The following are examples of common requests, considerations, and related procedures to help you determine an action plan for complying with data erasure situations.
Not all deletion methods completely erase records from the database. Deleting a record may only move it to the Recycle Bin, and therefore personal data can still be accessed and restored. If you are required under a law or otherwise to ensure records are erased, be sure that you understand how record deletion works within Salesforce, and how to remove personal data from your instance in ways that meet your obligations.
We offer the following examples of common requests and considerations to help you plan how best to honor constituent requests around data deletion. These are only suggestions for your review, and not guaranteed steps for ensuring compliance with any legal rule.
Keep in mind that addressing constituent requests, including those provided for under the GDPR, can be challenging. A one-size-fits-all strategy may not always work, and you may need to adjust your approach when balancing organizational needs and legal obligations. For example, if exporting personal data to satisfy a GDPR data portability request may violate someone else’s rights, you might consider narrowing the fields in scope rather than exporting all data. If deleting personal data to satisfy a GDPR erasure request may conflict with other requirements around record preservation, you might consider anonymizing certain fields rather than wholesale deletion.
As always, there are pros and cons to each approach, including legal and business impacts and risks, and you are responsible for your own compliance obligations in your use of the Salesforce Services and Salesforce.org applications. You should work with your advisors, including legal counsel, to determine whether you are covered under a legal requirement, and come up with a compliance plan that’s best for your organization.
Salesforce resources:
- Data Deletion: Delete Personal Data
- Delete Records
- Recycle Bin
- Empty Specific Records out of the Recycle Bin
- Hard Delete Records
- Data Backup
| Common Constituent Request | Actions to Consider | Things to Consider |
|---|---|---|
| A donor has stopped giving and wants his personal data to be removed from your system. | Delete Records | Consider deleting these records and field data for your donor.
You can find personal data in unindexed fields by exporting the data, and then searching for the information. You may also consider deleting:
NOTE: In order to preserve donation history, consider assigning Opportunities to an anonymous or placeholder Account. If you maintain a Sandbox environment, you may want to refresh the environment afterward to remove that constituent’s data from it, or log into the Sandbox and manually remove the data. |
| A volunteer has died and her spouse has requested that you remove her from the system. | Delete Records | In addition to deleting the volunteer's Contact or Lead record, consider deleting:
You can find personal data in unindexed fields by exporting the data, and then searching for the information. NOTE: In order to preserve Volunteer Hours metrics, consider assigning Volunteer Hours to an anonymous or placeholder Contact record. If you maintain a Sandbox environment, you may want to refresh the environment afterward to remove that customer’s data from it, or log into the Sandbox and manually remove the data. |
| A constituent doesn't want you to store her email address and phone number. | Consider deleting data in any fields that store your constituent's email address and phone number. NPSP also includes these custom email and phone fields and objects:
If you’ve created other records or activities related to your constituent, consider removing her email address and phone number from those records, and from Salesforce standard Email and Phone fields. |
