Protecting Data Privacy

In addition to adhering to General Data Protection Regulation (GDPR), data governance and data security requirements

Data Protection Regulation

Why is Data Privacy critical for enterprises?

From a data privacy perspective, there are three major challenges enterprises struggle with: keeping up with regulatory requirements, ensuring extensibility of IT solutions to facilitate development and testing, and earning and keeping the trust of end customers and end users with their sensitive data.

Regulatory Requirements

There is no doubt that organizations need to adapt to changing regulations when it comes to data privacy. Depending on where your company operates around the world, multiple regulatory requirements may apply, such as GDPR, CCPA, HIPAA, PIPEDA, and others that require you to safeguard PII and PHI data. Moreover, enterprises are subject to heavy penalties and fines if they violate data privacy regulations.

Extensibility

IT organizations need to be able to leverage production data when testing during development in sandbox environments. Leveraging real-world data accelerates how quickly new business processes can be accommodated in your IT stack and tested by end users. However, companies need to remain compliant while leveraging production data to simulate real-world use cases. There cannot be a breach of trust or sharing of private data, even in sandbox environments. Development requires a flexible and efficient way of working that avoids manual intervention, such as manually creating test datasets and importing that data every time your organization develops in a sandbox.

Client Trust

End consumers and users need to know that their data is always safe with your organization. No one wants to learn about a data breach after the fact. These types of security events impact the customer’s trust in a supplier, irrespective of whether it supplied a product or a service. Software solutions must adhere to stringent protocols while applying the latest encryption technologies for data at rest and in transit to protect Personally Identifiable Information (PII).

Adherence to GDPR requirements

On May 25, 2018, a new landmark privacy law called the General Data Protection Regulation (GDPR) replaced the patchwork of national data protection laws that had applied across the European Union for the past 20 years.

The GDPR expands the privacy rights of EU individuals and places new obligations on all organizations that market, track, or handle EU personal data. As companies are increasingly using data intelligence to understand and serve customers better, it’s critical that they are accountable for an individual’s rights to privacy and security.

Organizations need to respect their privacy by restricting what personal data they collect and process and by safeguarding that data. Privacy obligations apply to any information, either by itself or used with other pieces of information, that could identify an individual person living in the European Union.

The GDPR has the potential to impact any business that collects data in or from Europe. Significant fines may be levied on organizations that fail to meet their obligations with respect to handling data under the GDPR.

How does ComplianceQuest ensure Data Privacy?

At ComplianceQuest, we’re making continual adjustments and improvements to ensure we are best positioned to meet our legal obligations and data privacy requirements. We assist our customers to protect and have more control over both organizational and personal data while leveraging native capabilities on the Salesforce platform.

Specifically, we leverage several technologies including Salesforce Shield and Salesforce Data Mask to help organizations comply with protecting PII.

Leveraging Salesforce Shield for enhanced protection, monitoring, and retention of your critical data

ComplianceQuest EQMS + EHS (QHSE) has been built from the ground up on the Salesforce platform. This allows it to leverage Salesforce Shield, which offers enhanced protection, monitoring, and retention of your critical data stored in the CQ platform. Key features of Salesforce Shield include:

Native Encryption: Sensitive data is natively encrypted, while key data-related functionality like search, data validation and data visualization is not affected. With a base user license, users can feel safe knowing that their data at rest is encrypted with 128-bit AES encryption for any custom text field. For data in transit, all Salesforce orgs encrypt data with 256-bit AES encryption while using the TLS 1.2 protocol. With Salesforce Shield, data at rest can also be encrypted with 256-bit AES encryption.

Through Data Monitoring: Flow of data across your org can be carefully monitored using Salesforce Shield to ensure data privacy requirements are met. We understand user adoption of data and how it is used across connected apps.

Define custom security policies for your enterprise: By leveraging Salesforce Shield, ComplianceQuest ensures that our customers can customize and follow security policies as per their unique requirements. This ensures that malicious activities are prevented in real time and that the data history is retained for forensic-level compliance.

Leverage Salesforce Data Mask to protect PII in Test and Validation Environments

When production data that may contain PII is replicated in a sandbox environment to facilitate development and testing, it is crucial that all sensitive data is protected to avoid non-compliance. This includes names, social security numbers or salary data. By leveraging Salesforce Data Mask, ComplianceQuest ensures that sensitive data is masked with dummy text or random characters or deleted altogether even as the test and validation process works as designed. Salesforce Data Mask capabilities include:

  • Replace sensitive PI and PII data in any structured field, free text field, Chatter post or object to limit employee and contractor access using random characters or numbers, data from libraries, or custom patterns using non-deterministic masking
  • Delete sensitive information entirely when it is not required for application development
  • Empower everyone to build and customize without exposing protected data and remain compliant
  • Data Mask uses security policies chosen by you in Data Classification to identify and highlight fields with a high likelihood of protected data
  • Leverage a proprietary preprocessing algorithm for speed and easy configuration. Configure your Data Mask in production to have it included in every sandbox, or directly in a sandbox if required

Designed to accelerate GDPR readiness

ComplianceQuest is designed to accelerate GDPR readiness through the following capabilities:

  • Right to be Forgotten – ability to delete customer’s personal data at both an organization and individual level to meet GDPR obligations
  • Consent – includes an Individual Object for tracking privacy preferences across multiple roles in your organization which can relate to one or many Contacts, Accounts, and custom object records
  • Accountability / Transparency – offers customers robust data processing containing strong privacy commitments. It contains data transfer frameworks ensuring that customers can lawfully transfer personal data to Salesforce outside of the European region
  • Data Portability – Salesforce Platform helps fulfill customers’ requests to export their data. Data can be extracted via both UI-driven and API-driven methods, including reports and report/dashboard APIs, data loader, Apex, SOAP and REST APIs, and third-party ETL tools
  • Restriction of Processing – On the Salesforce Platform, records can be identified, exported, and deleted upon receiving a verified request to restrict processing. If the restriction is lifted later, the records can be re-imported
  • Security – Salesforce has security built into every layer of the Platform. The infrastructure layer comes with replication, backup, and disaster recovery planning. Network services have encryption in transit and advanced threat detection. Application services implement identity, authentication, and user permissions. As mentioned above, Salesforce also offers an additional layer of trust with Salesforce Shield, including Platform Encryption, Event Monitoring, and Field Audit Trail

Know More About GDPR

To know more about how GDPR is addressed on the Salesforce platform, please visit

www.salesforce.com/gdpr/overview/

For more information on ComplianceQuest Data Privacy, please contact us at 

[email protected]
