Great overview deck from Dreamforce 2017 for ISVs needing to be compliant with GDPR. Great reference for almost anyone in a regulated industry

1. ISV’s & Salesforce: GDPR
Perspectives and Discussion
​ Your Salesforce Readiness Guide
Dreamforce 2017

2. Forward-Looking Statements
​This presentation may contain forward-looking statements that involve risks, uncertainties, and assumptions. If any such uncertainties materialize or if any
of the assumptions proves incorrect, the results of salesforce.com, inc. could differ materially from the results expressed or implied by the forward-looking
statements we make. All statements other than statements of historical fact could be deemed forward-looking, including any projections of product or
service availability, subscriber growth, earnings, revenues, or other financial items and any statements regarding strategies or plans of management for
future operations, statements of belief, any statements concerning new, planned, or upgraded services or technology developments and customer contracts
or use of our services.
​The risks and uncertainties referred to above include – but are not limited to – risks associated with developing and delivering new functionality for our
service, new products and services, our new business model, our past operating losses, possible fluctuations in our operating results and rate of growth,
interruptions or delays in our Web hosting, breach of our security measures, the outcome of any litigation, risks associated with completed and any possible
mergers and acquisitions, the immature market in which we operate, our relatively limited operating history, our ability to expand, retain, and motivate our
employees and manage our growth, new releases of our service and successful customer deployment, our limited history reselling non-salesforce.com
products, and utilization and selling to larger enterprise customers. Further information on potential factors that could affect the financial results of
salesforce.com, inc. is included in our annual report on Form 10-K for the most recent fiscal year and in our quarterly report on Form 10-Q for the most
recent fiscal quarter. These documents and others containing important disclosures are available on the SEC Filings section of the Investor Information
section of our Web site.
​Any unreleased services or features referenced in this or other presentations, press releases or public statements are not currently available and may not be
delivered on time or at all. Customers who purchase our services should make the purchase decisions based upon features that are currently available.
Salesforce.com, inc. assumes no obligation and does not intend to update these forward-looking statements.
​Statement under the Private Securities Litigation Reform Act of 1995

3. Let’s Talk GDPR
Salman Malik
COO, Products
Salesforce
salman.malik@salesforce.com
Lindsey Finch
SVP Global Privacy,
Salesforce
lfinch@salesforce.com
** Confidential **

4. What is GDPR?
Restriction of
Processing
Legal Basis for Processing
Right to be Forgotten
Security
Accuracy & Portability
Transparency

5. The Purpose of GDPR
​Delivering Security and Data Privacy to all
Accountability
Security
Individual
Rights
Prevent
unauthorized access
Be transparent and
take ownership
Preserve individual’s
privacy while
delivering products
and services

6. Our Salesforce Trust Commitment
Building a GDPR partnership for lasting success
** Confidential **
Training and
Guidance
Trails & peer-to-peer
events to learn from
top experts
Customer
Success
Enable our customers
to build trusted
relationship
Product
Innovation
Redefining how to
manage & protect
customer data
Ongoing
Collaboration
Alignment with data
protection
authorities &
customers
Security
& Compliance
At the core of
everything we do
& build

7. A Proven History of Ensuring Data Privacy and Trust for All
​Building a GDPR partnership for lasting success
Salesforce's privacy program meets
highest industry standards
October 2015 November 2015 August 2016
Response to Safe
Harbor Invalidation
EU-U.S. Privacy
Shield Certification
Binding Corporate
Rules Approved

8. Today’s GDPR Challenge
​ What’s holding you back?
86%
of
organizations
are
concerned
that
not
adhering
to
GDPR
will
have
major
negative
impacts
on
their
business
Trusted
Customer
Relationships

9. The Bedrock of the Salesforce Platform
ArtificialIntelligence
UserExperience
Data ComplexIntegrations
Identity
Trust&Security
Analytics
Developer Skills
Network&Firewall
Metadata
Predictive
Marketing
Predictive
Service
Unified
Commerce
Faster
Collaboration
Faster
Results
Guided
Sales
Smart
Apps

10. Put the Customer at the Center
“Stop processing my
data”
“Get my permission”
“Delete my data”
“Prevent unauthorized
access to my data”
“Update my data.
Give me a copy of my data”
“Tell me about your data
protection practices”

11. Your Platform for Customer Success and GDPR Readiness
SALESFORCE PLATFORM
Trusted
Customer
Relationships
​The bridge to compliance & trusted customer relationships
86%
of
organizations
are
concerned
that
not
adhering
to
GDPR
will
have
major
negative
impacts
on
their
business

12. Building a GDPR roadmap for lasting success
GDPR Product Innovation Journey
Salesforce
GDPR
Product
Roadmap
2016 Spring ‘18
CONDUCT GAP
ANALYSES/ DESIGN
SOLUTIONS
Complete
VALIDATE
SOLUTIONS
WITH
CUSTOMERS
ENHANCED
GDPR RELEASE
DEFINE SCOPE & GDPR
POLICIES
Complete
ADDITIONAL GDPR
RELEASES
GDPR
Compliance
May 25, 2018
Over 200 people across Engineering, Product Management, Strategy and Legal have been working
on our Salesforce GDPR strategy.
Today our products meet a majority of the GDPR requirements – and we are validating our
approach with our customers.

13. Salesforce Accelerates Your GDPR Readiness
Restriction Flag
(coming 2018)
Preference Management
Consent Object (coming 2018)
Salesforce Infrastructure
& Shield Security
Granular Update &
Export Controls
Granular Deletion
Controls
Trust & Compliance
Documentation

14. Consistent and Extensible Consent
New Standard Entity to Store “Data Subject” Consent
Represents consent across the
several roles a person can play
Provides customers and Partners
building blocks to implement
custom consent regimes

15. Consistent and Extensible Consent
New Standard Object
Org Preference with Field History Tracking
Look-up from Contact, Person, Account, Lead, and User objects
Can be associated with custom objects as well(1:n Relationship)
Consent and Intent includes:
Block geolocation tracking
Don’t process
Don’t profile
Don’t solicit
Don’t track
Export individual’s data
Forget this individual
OK to store personal data elsewhere

16. Japan’s Act on the Protection of
Personal Information (APPI)
EU ePrivacy Regulation & Directive
on Security of Network &
Information Systems (NIS)
US Health Insurance Portability
and Accountability (HIPAA)
Canada’s Personal Information
Protection and Electronic
Documents Act (PIPEDA)
Looking Beyond GDPR
Salesforce Innovation to Match the Growth of Regulation
Consistent and extensible consent
Contact deletion framework
Standardized indications of intent
Session anomaly detection
Bring Your Own Key and Filter Preserving encryption
** Confidential **

17. Salesforce Resources to Guide Your GDPR Journey
DF Trail map, Website, Whitepapers, GDPR Trailhead, and more….
Txt GDPR to 805-65

18. Panel
Tod Nielsen
CEO,
OwnBackup
Sam Gutmann
CEO,
FinancialForce
CMO,
Kimble
VP, Identity Product
Management, Salesforce
Mark Robinson Ian Glazer
** Confidential **
Ian Gotts
Founder & CEO
Elements.cloud