• Emily Malone

Salesforce Community Cloud and GDPR

Salesforce is well-known for being the world’s most trusted cloud platform for business. Protecting customer data is at the very top of their priorities; in fact, it’s one of the company’s most important and distinctive qualities over their competitors. So, now that GDPR is on the not-so-distant horizon, how have they planned to help us Community users commit to this new general data protection law?

Well, nestled into the Salesforce platform are lots of different tools to help you manage your customer data and track the preferences and consent of end users. But before we begin, if you’re still unfamiliar with the new legislation, below is a three-ish-minute introduction to cover the basics. If you are clued up, feel free to skip right past this handy little video.

Here are some of the ways Community Cloud can help us when May 25th comes around:

Right to be forgotten

Data deletion for Communities is pretty important to comply with various data protection and privacy regulations like GDPR. When your customer requests it, or when it’s no longer necessary to keep it, you need to be able to delete data with ease.

Examples of this could be when a customer wants their Chatter posts removed from a group, or if they want their files and content folders to be deleted. There are a few situation this applies to. Here are a list of possible data deletion requests from Community Cloud, and what to consider should a user ask you to do this for them.


It’s common for data protection and privacy regulations to require you to honour your customer’s requests about how you actually use their data. If a customer wants to receive only specific forms of contact with your company, you shouldn’t use their data to add them to everything and spam them with whatever you want.

For example, Community users needs to be able to opt in and out of groups, or to choose how frequently they get Chatter notifications. Salesforce explains the things to consider here.

Restriction of processing

Some laws and regulations need you to restrict the processing of your customers’ data. Luckily, Salesforce allows records to be identified, exported, and deleted upon receiving a verified request to restrict processing. For example, a user might not be keen on surfacing as a Top User in their Community, so they might ask you to stop them from being flagged as one.

Data portability

You can use Community Cloud to help honour user requests to export their data. For example, your customer might be leaving you or switching from your business to another, but wants to take the data regarding their activity with them, including all their Chatter posts. You must be able to provide this. Here’s how.


Salesforce also have this data processing addendum, which clearly details all of their privacy commitments. Obviously, it’s a pretty long read because it contains absolutely everything about their data privacy policies, including things like data transfer frameworks and how Salesforce plans to assist their customers in GDPR compliance. So, if you’re serious about complying (which you probably should be), you’d be best to give it some attention.


Salesforce is built with security at every layer of the platform to protect our data and applications. They work with users to make sure we can all use Salesforce safely and efficiently by avoiding phishing and Malware, providing backup and disaster recovery, advanced threat detection, authentication, user permissions, and more. Read all about it in the Salesforce Security Guide.

All this was sourced from Salesforce’s handy new GDPR website, where they’ve released details explaining how Salesforce customers can make sure they comply with key GDPR principles while using their platform. You can access that right here, and I recommend you do. If you dig around there are loads of helpful bits of info to start getting your business clued-up on the new data protection laws.

We’ve booked to attend the certified EU General Data Protection Regulation Foundation Training Course in Birmingham on the 26th March. If you can make that date, we’d love to see you there. If not, don’t worry. We’ll be posting more blogs about what we learn on the day, so keep an eye out for that!