Interview: How Companies are Preparing for GDPR with Sovan Bin

By

Today on the Salesforce Admins Podcast we’re joined by Sovan Bin, the founder and CEO of Odaseva, an AppExchange partner that helps companies large and small get ready for GDPR. He also happens to have over 12 years of experience in the Salesforce ecosystem, so we sit down to talk about what you can do to be ready for the new regulations.

Join us as we talk about GDPR, the nitty gritty of the Right to Be Forgotten, personal consent, retention, and why you need to look at all aspects of your data to prepare for the regulations.

You should subscribe for the full episode, but here are a few takeaways from our conversation with Sovan Bin.

The many use-cases of GDPR compliance.

Sovan has a lot of experience working in the Salesforce ecosystem. He started as an Admin, and then was certified as a Technical Architect with a specialty in data. “GDPR is all about data,” Sovan says, “data, security, governance, and compliance improvements.”

Sovan founded Odaseva in 2012 as a data platform, and they work to streamline the GDPR preparation process, “we handle backup, archiving, and GDPR accelerators.” They have 8 use-cases for GDPR, some regarding security and some regarding data management. Sovan works with a number of customers to prepare for the regulations, and that insight can be super valuable for us Admins sitting at home listening.

Odaseva worked with Pathé Gaumont, the number one movie theater company in Europe, to deal with multiple use-cases regarding GDPR. Specifically, they focused on data retention. “When you have consent to collect the personal data of individuals, you have to delete that data after two years.” They also worked with Toyota to implement the Right to Be Forgotten. “If someone calls your company and asks you to remove their data from your systems, you have thirty days to comply and remove it from Salesforce and other systems,” Sovan says.

Implementing changes for the Right to Be Forgotten.

When it comes to actually dealing with implementing the changes you need to make to be GDPR compliant, Sovan and Odaseva mostly work through customized Apps on the AppExchange. “If we talk more about the Right to Be Forgotten, sometimes we think we just need to click on the ‘delete’ button to comply with a request or use a data loader to do that,” he says but as the Admin in charge of GDPR compliance for your company you know that deleting something is a bit more complicated than that, and you don’t necessarily want to lose business information while you’re trying to scrub the personal information.

“Right to Be Forgotten is not always about deletion, it’s about three strategies,” Sovan says, “number one, make sure that you delete real personal data in records or objects where it’s very difficult to predict what kind of information is there.” Some examples would be things like attachments or case comments. “Number two, make sure you don’t touch business data because it belongs to your company,” Sovan says, so things like aggregated revenue with a roll-up summary field on the contact object or opportunities should remain because your dashboards and reports would be affected by that. “Number three,” Sovan says, “is to anonymize the data by changing things like their name and birthdate so the data remains largely unchanged but it’s not easy to come back to the person.”

Sounds like a lot of work, and Odaseva’s main mission is to streamline and automate that process. “They have one button on the contact object that executes this three-layer strategy,” Sovan says, but it’s customized based on what a particular company’s data and org looks like.

Other compliance speed bumps.

Another problem with GDPR compliance comes when you’re dealing with a development environment. Even in a perfect security environment, where accessing all of the data is very restricted and secure, it’s often times the case where a sandbox will have a perfect copy of the data from productions but be much easier to view. “One of the use-cases of GDPR that is quite a quick win to implement is to anonymize the personal data inside the full sandbox,” Sovan says.

“Consider that personal data, from the GDPR philosophy, is the most critical asset that you have to protect with all of your knowledge,” Sovan says, “you have to make sure that you don’t lose it, that it’s not being stolen, and you have to be able to delete it on-demand.” So backup is very important for compliance and you have to have plans in place to be able to recover lost data.

Trailhead

Salesforce GDPR Resourceshttps://www.salesforce.com/gdpr/overview/

More on Odaseva

Twitter:

We want to remind you that if you love what you hear, or even if you don’t head on over to iTunes and give us a review. It’s super easy to do, and it really helps more Admins find the podcast. Plus, we would really appreciate it.

 

Love our podcasts?

Subscribe today on iTunes, Google Play, Sound Cloud and Spotify!

What Are the Key Features of Salesforce’s Model Builder?

Today on the Salesforce Admins Podcast, it’s another deep dive with Josh Birk as he talks to Bobby Brill, Senior Director of Product for Einstein Discovery. Join us as we chat about how you can use Model Builder to harness the power of AI with clicks, not code. You should subscribe for the full episode, […]

READ MORE

Make a Cybersecurity Plan with Garry Polmateer

Today on the Salesforce Admins Podcast, we talk to Garry Polmateer, CEO of Red Argyle, a Salesforce Consulting agency, and a member of the Salesforce MVP Hall of Fame. Join us as we chat about why admins need to be involved with cybersecurity at their organization and how to start planning. You should subscribe for […]

READ MORE

Being a Security Advocate with Laura Pelkey

Today on the Salesforce Admins Podcast, we talk to Laura Pelkey, Senior Manager of Customer Security Awareness & Engagement at Salesforce. Join us as we chat about how to be a security-minded advocate within your organization and what it could do for your career. You should subscribe for the full episode, but here are a […]

READ MORE