Platform  >  Technology  >  Data privacy and Security

Protecting Data Privacy

data privacy

In addition to adhering to General Data Protection Regulation (GDPR), data governance and data security requirements

Request Demo
data privacy

Why is Data Privacy Critical for Enterprises?

Enterprises face significant challenges when it comes to data privacy. These include keeping up with evolving regulatory requirements, ensuring scalable and adaptable IT solutions for development and testing, as well as establishing and maintaining trust with end-users and customers over their sensitive data.

Regulatory Requirements

There is no doubt that organizations need to adapt to changing regulations when it comes to data privacy. Based on where your company operates around the world, multiple regulatory requirements may apply such as GDPR, CCPA, HIPAA, PIPEDA, and others that require you to safeguard PII and PHI data. Moreover, enterprises are subject to heavy penalties and fines in the event an organization violates data privacy regulations.

Extensibility

IT organizations need to be able to leverage production data when testing during development in sandbox environments. Leveraging real world data accelerates how quickly new business processes can be accommodated in your IT stack and tested by end users using real world type data. However, companies need to remain compliant while leveraging production data to simulate real-world use cases. There cannot be a breach of trust and sharing of private data even in sandbox environments. A flexible and efficient way of working is required during development that avoids manual intervention such as manually create test datasets and importing that data every time your organization is developing in a sandbox.

Client Trust

End consumers and users need to know that their data is always safe with your organization. No one wants to learn about a data breach after the fact. These types of security events impacts the customer’s perception of their trust in a supplier – irrespective of whether they supplied a product or service. Software solutions must adhere to stringent protocols while applying the latest encryption technologies for data at rest and in transit to protect Personally Identifiable Information (PII).

Adherence to GDPR requirements

On May 25, 2018, the landmark privacy law called the General Data Protection Regulation (GDPR) replaced the patchwork of national data protection laws across the European Union for the past 20 years.

The GDPR expands the privacy rights of EU individuals and places new obligations on all organizations that market, track, or handle EU personal data. As companies are increasingly using data intelligence to understand and serve customers better, it’s critical that they are accountable for an individual’s rights to privacy and security.

Organizations need to respect their privacy by restricting what personal data they collect and process by safeguarding that data. Privacy obligations apply to any information, either by itself or used with other pieces of information, that could identify an individual person living in the European Union.

The GDPR has the potential to impact any business that collects data in or from Europe. Significant fines may be levied on organizations who fail to meet their obligations with respect to handling data under the GDPR.

ensure data privacy

How does ComplianceQuest ensure Data Privacy?

At ComplianceQuest, we’re making continual adjustments and improvements to ensure we are best positioned to meet our legal obligations and data privacy requirements. We assist our customers to protect and have more control over both organizational and personal data while leveraging native capabilities on the Salesforce platform.

Specifically, we leverage several technologies including Salesforce Shield and Salesforce Data Mask to help organizations comply with protecting PII.

Leveraging Salesforce Shield for Enhanced Protection, Monitoring, and Retention of Your Critical Data

ComplianceQuest has been built from the ground up on the Salesforce platform. This allows us to leverage Salesforce Shield which offers enhanced protection, monitoring, and retention of your critical data stored in the CQ platform. Key features of Salesforce Shield includes:

Native Encryption:

Sensitive data is natively encrypted, even as key data-related functionality like search, data validation and data visualization is not affected. With a base user license, users can feel safe knowing that their data at rest is encrypted with 128-bit AES encryption for any custom text field. For data in transit, all Salesforce orgs encrypt data with 256-bit AES encryption following the TLS 1.2 protocol. With Salesforce Shield, data at rest can also be encrypted with 256-bit AES encryption.

Through Data Monitoring:

Flow of data across your org can be carefully monitored using Salesforce Shield to ensure data privacy requirements are met. We understand user adoption of data and how it is used across connected apps.

Define custom security policies for your enterprise:

By leveraging Salesforce Shield, ComplianceQuest ensures that our customers can customize and follow security policies as per their unique requirements. This ensures that malicious activities are prevented in real-time and that the data history is retained for forensic level compliance.

Leverage Salesforce Data Mask to protect PII in Test and Validation Environments

When production data that may contain PII is replicated in a sandbox environment to facilitate development and testing, it is crucial that all sensitive data is protected to avoid non-compliance. This includes names, social security numbers or salary data. By leveraging Salesforce Data Mask, ComplianceQuest ensures that sensitive data is masked with dummy text or random characters or deleted altogether even as the test and validation process works as designed. Salesforce Data Mask capabilities include:

  • Replace sensitive PI and PII data in any structured field, free text field, Chatter post or object to limit employee and contractor access using random characters or numbers, data from libraries, or custom patterns using non-deterministic masking.
  • Delete sensitive information entirely when it is not required for application development.
  • Empower everyone to build and customize without exposing protected data and remain compliant.
  • Data Mask uses security policies chosen by you in data classification to identify and highlight fields with a high likelihood of protected data.
  • Leverage a proprietary preprocessing algorithm for speed and easy configuration. Configure your Data Mask in production to have them included in every sandbox or directly in a sandbox if required.
leverage Salesforce to mask data

Designed to Accelerate GDPR Readiness

ComplianceQuest is designed to accelerate GDPR readiness through the following capabilities:

  • Right to be Forgotten

    ability to delete customer’s personal data at both an organization and individual level to meet GDPR obligations.

  • Consent

    includes an Individual object for tracking privacy preferences across multiple roles in your organization which can relate to one or many contacts, accounts, and custom object records.

  • Accountability / Transparency

    offers customers robust data processing containing strong privacy commitments. It contains data transfer frameworks ensuring that customers can lawfully transfer personal data to Salesforce outside of the European region.

  • Data Portability

    Salesforce Platform helps customers’ requests to export their data. Data can be extracted via both UI-driven as well as API-driven methods, including reports and report/dashboard APIs, data loader, Apex, SOAP and REST APIs, and third-party ETL tools.

  • Restriction of Processing

    On the Salesforce Platform, records can be identified, exported, and deleted upon receiving a verified request to restrict processing. If the restriction is lifted later, the records can be re-imported.

  • Security

    Salesforce has security built into every layer of the platform. The infrastructure layer comes with replication, backup, and disaster recovery planning. Network services have encryption in transit and advanced threat detection. Application services implement identity, authentication, and user permissions. As mentioned above, Salesforce also offers an additional layer of trust with Salesforce Shield, including Platform Encryption, Event Monitoring, and Field Audit Trail.

Unmatched User Authenticator Settings

Unmatched User Authenticator Settings

The ComplianceQuest platform offers an unparalleled set of user authenticator settings that ensure the highest level of security and convenience for your organization. ComplianceQuest offers Single Sign-on (SSO) capability to improve usability without sacrificing security. Our platform also provides Multi-Factor Authorization (MFA) to add an extra layer of security by requiring users to provide additional authentication factor such as a one-time password (OTP) or by connecting a 3rd party authenticator app, to prevent unauthorized individuals from gaining access to your sensitive information.

With ComplianceQuest you can configure your MFA and SSO options at any time. Administrators can also use our dashboard to monitor user activity, enforce security policies, and track compliance with industry standards such as SOC 2 and ISO 27001.

With our software's robust user authenticator settings, you can be confident that your accounts are secure and your data is well protected.

Know More About GDPR

To know more about how GDPR is addressed on the Salesforce platform, please visit

www.salesforce.com/gdpr/overview/

For more information on ComplianceQuest data privacy, please contact us at

PrivacyOfficer@compliancequest.com

Request a Online Demo

In Need of Smarter Ways Forward? Get in Touch.

Get a Demo Today
spinner
Request Demo