Is your Salesforce Cloud compliant with data residency regulations?
Many multinational organizations use Salesforce as their tool of choice for customer relationship management in the cloud. It provides flexibility and convenience, allowing users to access data from any device and work from any location.
The Salesforce platform has high security standards, but recent changes in global data protection regulations have imposed restrictions in many countries around the world.
This is why such highly regulated businesses as healthcare, financial services and retail will especially need to review their Salesforce cloud data implementation strategy.
Have you met all the necessary local compliance requirements since your initial setup? Read this blog to discover why you may need additional software providers like InCountry to help your company with Salesforce data residency and data protection locally.
Data Residency Laws in Action
Your customers’ data in Salesforce may have to be stored within the country's borders, depending on the country (or countries) where your business operates. For example, Australia controls its health records, China requires all customer data to be hosted on China-based servers, Russia demands that all personal data be stored in the country, and so on.
For data privacy and security, Salesforce uses the shared responsibility model. For regulated data such as Protected Health Information (PHI) and Personally Identifiable Information (PII), Salesforce acts as the data processor. This means that Salesforce is responsible for providing sufficient physical and technical security measures, while Salesforce customers are accountable for the integrity, quality and usage of the data, as well as the types of data being stored.
Certain industries dealing with personal data are highly regulated, such as healthcare, financial services or retail. They especially need to review their Salesforce cloud data implementation strategy, as in many countries customer data is required to be kept on in-country servers. Such rules make using cloud-based CRM systems like Salesforce very complicated.
Some CRM providers attempt to keep up with these changes, and Salesforce in particular is trying to expand its local representation. As of October 2020, it has data centers running in the following areas:
- Chicago, Illinois, United States (USA)
- Dallas, Texas, United States (USA)
- Frankfurt, Germany (DE)
- Kobe, Japan (JPN)
- London, United Kingdom (UK):
  - London North
  - London West
- Paris, France (FRA)
- Phoenix, Arizona, United States (USA)
- Tokyo, Japan (JPN)
- Washington DC, United States (USA):
  - Washington DC North
  - Washington DC South
However, these options don’t solve cloud computing issues for all other countries. This is where InCountry can help you scale your SaaS or any other business locally, as we discuss in this article. But first, let’s look at the restrictions in specific industries.
Data protection challenges in financial services industry
The financial services industry typically protects two types of data, PII (personally identifiable information) and PFI (personal financial information), both of which are non-public information.
Organizations should understand what data they own and what it is used for: is it going towards marketing purposes, or is the data being retained in order to maintain accurate books and records? Start with identifying what data is collected for your customers versus what data is collected for potential customers.
If you’re dealing with a prospect, laws like CCPA govern their privacy preferences. In particular, under CCPA, if a prospect contacts your organization requesting that their personal data be erased, you need the ability to identify all data associated with that individual and delete it.
If they aren’t a customer, any data must be removed. To facilitate this process, your company needs methods for identifying who is a client and who is a prospect, locating the information on file, and erasing the information promptly.
Data protection challenges in healthcare industry
In the healthcare industry, everything revolves around HIPAA compliance. The Health Insurance Portability and Accountability Act (HIPAA) of 1996 is a prescriptive set of security standards and requirements intended to protect patient data. HIPAA is so critically important to healthcare organizations that they tend to shy away from newer technologies, especially cloud-based solutions.
To this day, less than half of healthcare IT professionals report being comfortable using cloud-based solutions, and only 30% have a strategy in place to move their organization’s data to the cloud, according to a 2018 survey assessing healthcare IT professionals’ attitudes toward cloud-based solutions.
Yet the healthcare industry is fast adopting next-generation cloud-based technology solutions. As healthcare organizations go after cloud technologies, they’re finding that InCountry for Salesforce integration was developed specifically to meet HIPAA’s exacting requirements for compliance, security, governance, and data reporting.
A complete platform to automate cloud data compliance for Salesforce – InCountry
With InCountry integration for Salesforce you can securely store Salesforce data in over 90 countries, including different records in different countries. You get all the benefits of Salesforce while maintaining compliance with regulatory and internal policies. In particular:
- InCountry’s solutions are HIPAA compliant and PCI DSS certified, so you will accelerate time to compliance and save months of development by using our Salesforce integration.
- InCountry for Salesforce can store all data in specific countries or keep a real-time copy in a specific country, depending on the relevant regulatory environment.
- We deliver a seamless data residency experience by helping businesses integrate with Salesforce object writes, detail view reads, list view reads and federated search.
- We provide optional full encryption using the NIST-standard algorithms SHA-256 (hashing) and AES-256 (encryption).
- You will minimize risks and total cost of ownership of your own infrastructure.
- InCountry supports local country-based regulations such as FZ-152 in Russia.
Key things to consider on your Salesforce compliance journey
The key thing to consider during your compliance journey is how you can future-proof your privacy posture against emerging local legislation, because compliance requirements have become the new normal of handling customer data.
Data localization acts are a powerful driver to rethink what you’re doing with customer data, reconfigure what information you’re processing for customers, and extend trust by offering additional transparency, visibility, and control over customers’ PII.
Why does privacy matter? Because it enables trust. And trust results in successful business and loyal customers.
Data safety regulations are becoming so omnipresent they can’t be ignored. It is up to companies using Salesforce to ensure the protection of their customers’ information, which means adhering to the compliance laws that define where customer-related information must be stored. And InCountry is a great solution for that.