Salesforce and GDPR: an update

Clarity is beginning to emerge on how GDPR impacts your use of Salesforce.


It’s been a while since we published our last post about Salesforce and GDPR. There have been some developments since then, and there already appears to be more awareness of GDPR in the business community.

Many consultants are seeing GDPR as an opportunity, and are promoting their services as GDPR advisors who can work with businesses to ensure they are ready when the new GDPR legislation comes into effect in May 2018. While some people may view this as opportunist, GDPR is potentially a big deal for businesses. Those who don’t comply could face huge fines.

So how does this affect your use of Salesforce? What impact will GDPR have on you?

Some clarity has emerged, including hints from the ICO (Information Commissioner’s Office) that processing data as part of sales and marketing activity is necessary for the purposes of an organisation’s legitimate interest. This is fairly obvious really – without sales and marketing, most businesses would not be able to survive.

It would therefore appear to be business as usual for using tools such as Salesforce and Pardot to reach out and connect with your customers and prospects. Well, almost business as usual…

Documenting Consent

As mentioned in our last post, when GDPR comes into effect, it will be essential to be able to prove that consent has been obtained before you can add an individual to an email marketing campaign.

In Salesforce, you need to be able to document how you obtained the consent, and when. This should be a simple matter of either updating the description field against a lead or a contact with some notes about consent, or better still adding a couple of custom fields to the lead and/or contact object and making them mandatory so they must be filled in before you can save them to your CRM.

Easy opt-out

It is equally important to ensure prospects and customers have a clear and easy way of unsubscribing from mailing lists.

If you already use Pardot as your marketing automation tool, this is one of the standard built-in features. It is very easy to include an unsubscribe link at the foot of every email, or a link to an email preference centre page where people can manage their different subscriptions if you have multiple mailing lists.

The right to be forgotten

Salesforce already contains built-in functionality that allows leads and contacts to be clearly marked as ‘do not email’ or ‘do not call’. Properly used, these simple checkboxes can go a long way towards helping ensure people who have specifically requested not to be contacted are indeed left alone.

Going one step further and removing someone permanently from Salesforce or Pardot is once again standard functionality. It is very easy to permanently delete a Lead, delete an Account and/or delete a Contact, which means someone is essentially forgotten.

Three key areas

So these are three key areas your business needs to focus on addressing before GDPR comes into effect in May 2018, at least in terms of your sales and marketing activities.

  • Documenting consent – when and how you obtained consent.
  • Providing easy and clear unsubscribe facilities.
  • Offering the option to be forgotten.

Unfortunately, this isn’t the full scope of GDPR. There are many more aspects to the new legislation, such as having lockable filing cabinets in your offices. However, these are beyond the scope of this blog post, and you should probably explore these in full with a consultant who can help you ensure your business is fully compliant.

The ICO has also published a useful 12-step plan.

So good news for Salesforce and Pardot users then! Just a few very simple changes to your standard objects which can be made by anybody with some Salesforce administration knowledge. If you don’t have that in-house, you can reach out to your Salesforce Account Executive who will put you in touch with a Consulting Partner like us, ¬†or if you have a Premier Success Plan, you can simply log a case to get help on making the changes.

We will continue to post updates on GDPR as further clarity emerges.

(Photo by timothy muza on Unsplash)


Leave a Reply