Interview: How Companies are Preparing for GDPR with Sovan Bin


Today on the Salesforce Admins Podcast we’re joined by Sovan Bin, the founder and CEO of Odaseva, an AppExchange partner that helps companies large and small get ready for GDPR. He also happens to have over 12 years of experience in the Salesforce ecosystem, so we sit down to talk about what you can do to be ready for the new regulations.

Join us as we talk about GDPR, the nitty gritty of the Right to Be Forgotten, personal consent, retention, and why you need to look at all aspects of your data to prepare for the regulations.

You should subscribe for the full episode, but here are a few takeaways from our conversation with Sovan Bin.

The many use-cases of GDPR compliance.

Sovan has a lot of experience working in the Salesforce ecosystem. He started as an Admin, and then was certified as a Technical Architect with a specialty in data. “GDPR is all about data,” Sovan says, “data, security, governance, and compliance improvements.”

Sovan founded Odaseva in 2012 as a data platform, and they work to streamline the GDPR preparation process, “we handle backup, archiving, and GDPR accelerators.” They have 8 use-cases for GDPR, some regarding security and some regarding data management. Sovan works with a number of customers to prepare for the regulations, and that insight can be super valuable for us Admins sitting at home listening.

Odaseva worked with Pathé Gaumont, the number one movie theater company in Europe, to deal with multiple use-cases regarding GDPR. Specifically, they focused on data retention. “When you have consent to collect the personal data of individuals, you have to delete that data after two years.” They also worked with Toyota to implement the Right to Be Forgotten. “If someone calls your company and asks you to remove their data from your systems, you have thirty days to comply and remove it from Salesforce and other systems,” Sovan says.

Implementing changes for the Right to Be Forgotten.

When it comes to actually dealing with implementing the changes you need to make to be GDPR compliant, Sovan and Odaseva mostly work through customized Apps on the AppExchange. “If we talk more about the Right to Be Forgotten, sometimes we think we just need to click on the ‘delete’ button to comply with a request or use a data loader to do that,” he says but as the Admin in charge of GDPR compliance for your company you know that deleting something is a bit more complicated than that, and you don’t necessarily want to lose business information while you’re trying to scrub the personal information.

“Right to Be Forgotten is not always about deletion, it’s about three strategies,” Sovan says, “number one, make sure that you delete real personal data in records or objects where it’s very difficult to predict what kind of information is there.” Some examples would be things like attachments or case comments. “Number two, make sure you don’t touch business data because it belongs to your company,” Sovan says, so things like aggregated revenue with a roll-up summary field on the contact object or opportunities should remain because your dashboards and reports would be affected by that. “Number three,” Sovan says, “is to anonymize the data by changing things like their name and birthdate so the data remains largely unchanged but it’s not easy to come back to the person.”

Sounds like a lot of work, and Odaseva’s main mission is to streamline and automate that process. “They have one button on the contact object that executes this three-layer strategy,” Sovan says, but it’s customized based on what a particular company’s data and org looks like.

Other compliance speed bumps.

Another problem with GDPR compliance comes when you’re dealing with a development environment. Even in a perfect security environment, where accessing all of the data is very restricted and secure, it’s often times the case where a sandbox will have a perfect copy of the data from productions but be much easier to view. “One of the use-cases of GDPR that is quite a quick win to implement is to anonymize the personal data inside the full sandbox,” Sovan says.

“Consider that personal data, from the GDPR philosophy, is the most critical asset that you have to protect with all of your knowledge,” Sovan says, “you have to make sure that you don’t lose it, that it’s not being stolen, and you have to be able to delete it on-demand.” So backup is very important for compliance and you have to have plans in place to be able to recover lost data.


Salesforce GDPR Resources

More on Odaseva


We want to remind you that if you love what you hear, or even if you don’t head on over to iTunes and give us a review. It’s super easy to do, and it really helps more Admins find the podcast. Plus, we would really appreciate it.


Love our podcasts?

Subscribe today on iTunes, Google Play, Sound Cloud and Spotify!

Ian Glazer and Laura Pelkey on the Salesforce Admins Podcast.

Security Breaches and MFA with Ian Glazer and Laura Pelkey

On today’s episode of the Salesforce Admins Podcast, we’re bringing on Ian Glazer, SVP Identity Product Management, and Laura Pelkey, Sr. Manager, Security Customer Engagement at Salesforce. We talk all things multi-factor authentication (MFA) and have a really honest conversation about implementing it and the benefits. You should subscribe for the full episode, but here […]


MFA vs. SSO: What’s better for my org(s)? with Mat Hamlin

On this episode of the Salesforce Admins Podcast, we hear from Mat Hamlin, Senior Director of Product Management at Salesforce. We’ll dive into multi-factor authentication (MFA), and why all Salesforce users will be using it by February 1st, 2022. Join us as we talk about multi-factor authentication, single sign-on, tracking and adoption, and a little […]


Backing Up Your Data Under GDPR with Lee Aber

Today on the Salesforce Admins Podcast we have a conversation with Lee Aber, Chief Information Security Officer at OwnBackup, to talk about backing up your data under GDPR, when began on May 25. Join us as we talk about the complex interactions between backups and GDPR, how to look at your data infrastructure, and understanding […]


Have an Idea for a Story?

We are all about the community and sharing ideas.
Do you have an interesting idea or useful tip that you want to share?