Loading
Salesforce now sends email only from verified domains. Read More
Data Protection and Privacy
Table of Contents
Filter by (0)Add
Select Filters

          No results
          No results
          Here are some search tips

          Check the spelling of your keywords.
          Use more general search terms.
          Select fewer filters to broaden your search.

            Search all of Salesforce Help
            Search all of Salesforce Help
            Create Right to Be Forgotten Policies

            You are here:

            1. Salesforce Help
            2. Docs
            3. Data Protection and Privacy

            Create Right to Be Forgotten Policies

            Honor individual customer requests to remove or mask sensitive data by creating Right to Be Forgotten policies.

            Required Editions

            Available in: Developer, Enterprise, Performance, and Unlimited Editions. Requires the Privacy Center license.
            User Permissions Needed
            To create, edit, and run Right to Be Forgotten Policies: Manage Privacy Center Policies

            If you want the option to delete field history or field audit trail records with your policy, turn on this org setting: Enable “Delete from Field History” and “Delete from Field History Archive” User Permissions. The setting can be found in the User Interface node in Setup. To learn more, see User Interface Settings.

            To create a Right to Be Forgotten Policy:

            1. From the App Launcher, select Privacy Policies, then click New.
            2. Select Right to Be Forgotten Policy, then click Next.
            3. Give your policy a name and optional description, and save it.
            4. Click Select Object to add your first parent object to your policy.
              You can’t apply policies to User objects, because the data in User records can’t be deleted or masked. For information on how to obfuscate User records, see Let Users Scramble Their User Data.
            5. Under Available Objects, select the object that you want to add to the policy and add an optional description.
            6. Click Next, then Next again.
            7. In Action on Data In Org, select Delete or Mask to indicate what action is performed on the records captured by your policy filters. Delete removes the entire record from your org.
              If you select Delete, you also have these options. Note that if you permanently delete records the data can’t be recovered from the Recycle Bin.
              • Delete records from related history object

                Select this setting if you want associated records on the related history object to be deleted from your org.

              • Delete records from Field Audit Trail

                Select this setting if you have the Field Audit Trail add-on and you want the associated records to be deleted from your org. If you don't have Field Audit Trail, you can't select this setting because the data doesn't exist.

              • Permanently delete records

                Select this setting if you want to permanently delete records from your org instead of moving them to the Recycle Bin.

              If you select Mask, you can individually select an obfuscation or deletion method for each field in the Fields section. The fields listed are those that can have a value defined in Setup or via API. Fields such as Formula and Roll Up Summary aren’t included. You can also apply a bulk action that applies to all fields: Replace with Random Characters and Delete. If you select Mask, you have these options at the field level.
              • Do Not Change leaves this field’s data as-is.
              • Replace with Random Characters obfuscates the data in this field with random values. Optionally, check the box next to Unique to add the record’s Salesforce ID to the field value. This option creates a globally unique value for the record in your org.
              • Delete removes this field’s data. This option doesn’t delete the entire record, and you can’t delete data in required fields.
              • Replace with Static Value obfuscates the data in this field with a value that you input. Optionally, select the box next to Unique to add the record’s Salesforce ID to the field value. This option creates a globally unique value for the record in your org.
            8. If you selected Mask in the previous step, under Fields, you can choose a compliance categorization to filter for specific field types.

              Compliance categorizations match compliance acts, definitions, or regulations, and can be assigned in field metadata. For example, you can use Quick Find to locate fields that contain personally identifiable information (PII). For more information, see Data Classification Metadata Fields. You can apply a bulk action to the same mask or delete action to all fields in the categorization.

            9. Under Files & Attachments, choose how the files and attachments on captured records are retained or deleted.
              • Delete All deletes every file and attachment, even if there are other remaining records associated with the files.
              • Delete if Unshared deletes the files and attachments when they aren’t associated with any other records.
              • Keep ensures that none of the files and attachments are deleted. If you selected the Delete option for the Action On Data In Org field, and you select the Keep option for files and attachments, any unshared files and attachments in Salesforce become orphaned.
            10. Click Next.
            11. Select whether you want to copy processed records to an external data store for retention. To configure data retention for your RTBF policy, follow the same steps as you would for a Data Management policy. See Retain Records on an Object.
              Warning
              Warning Certain Salesforce instances don’t support data retention. If your instance is listed here, skip the data retention setup by selecting Do Not Copy. Otherwise, errors occur when your policy executes. To find out your org instance, go to Company Information in Setup, or contact your account executive.

              Data retention is unsupported in:

              • South Korea: kor* instances
              • Indonesia: idn* instances
              • Brazil: bra* instances
              • Middle East: are* instances
            12. To save your changes and create your policy draft, click Done.
            13. If needed, add child objects to the policy. From the policy details page, on the Active Objects tab, click Add Child Object.
              When a policy is executed with a delete action, any child objects with a detail relationship to the parent object are deleted automatically. Child objects with a lookup relationship to the parent object have their parent record field set to a value of null. To delete the records of a child lookup object, add it to the policy.
            14. On the policy home page, save your work.

            You’re ready to run your Right to Be Forgotten policy.

             
            Loading
            Salesforce Help | Article