Thoughts on technology and innovation
Matt Rist, Director of Product Delivery
The General Data Protection Regulation (GDPR) is an European Union (EU) data privacy regulation intended to give EU residents (including UK residents) more control of their data. The GDPR is scheduled to go into effect on May 25, 2018.
Your association is based in the United States, so why does GDPR affect you? Any organization collecting or processing data from an EU resident must be compliant. (For a detailed explanation of the GDPR and its regulations, please visit the GDPR homepage.)
We anticipate more than 80 percent of our customers will be affected by the GDPR.
Nimble AMS and achieving GDPR compliance
During Summer 2018, we are introducing new tools to help your organization on your journey towards GDPR compliance. There are four themes we have followed to offer the most robust solution for an AMS on the Salesforce platform.
Leverage the platform
Salesforce has placed a priority on supporting the GDPR. Nimble AMS will incorporate new capabilities, such as the new Individual Object, in Nimble AMS features, so organizations can effectively leverage them.
Salesforce is committed to data privacy beyond this legislation. We expect more tools in future releases, and we will integrate them into Nimble AMS when possible, making sure you’re able to take advantage of them.
Consent tracking capabilities
For Summer '18, we’ve added features to easily start tracking a member's consent preferences and ensure the information is up to date.
Consent alert in Community Hub
There are several additional options for making these new tools work for your organization. We have shared some of them to help you get started.
Consent tracking in staff view
In staff view, a few new fields have been added so you and your staff can easily see whether a member has given consent and when their last consented date occurred. Part of "Privacy by Default" allows for data subjects to periodically renew their consent. Process builder is a tool for building automation, connecting with to members to renew their consent.
Many of the compliance features are focused on transparency. It’s designed for your association to easily share with users how they can use their individual data through privacy policies, consent and cookie alerts.
Also during Summer '18, we will introduce a cookie alert to Community Hub. This alert notifies users cookies are being tracked, and, with a click of a button, they can consent to track cookies. If they do not provide consent, they are redirected away from Community Hub. This alert persists until the user clicks the "I Understand" button.
Individual data access
We have introduced easy ways for individuals to update information, request a copy of their data, or forget their data entirely. Much of this is achieved through Community Hub.
First, we’ve added a new page called “My Privacy Settings,” whereby you can use field set forms to expose privacy fields, such as “Don’t Market to Me” to the individual and allow them to update it.
Members can also request to be forgotten from the “My Privacy Settings” page, requesting their data. This creates a task in “Staff View,” and assigns it to a member of your staff. Anonymizing a user permanently removes any personally identifiable data from all records related to that individual.
One important tool being released with Summer 18 is the anonymization tool. This tool allows your staff to anonymize personally identifiable information for individuals at their request. This tool can be configured by your staff to include any objects and fields your organization has configured that could contain personally identifiable information.
The May 25 deadline is approaching. If GDPR Compliance is important to you and your organization, here are some simple next steps:
Want to learn more? Here are additional resources for understanding GDPR: