Article 25

Data protection by design and by default

​

For Salesforce customers this article is generally the most challenging to understand. It covers a number of different privacy rights such as the right to revoke consent, view/access/obtain their personal information and in some cases, right to erasure. Where applicable information must be given on who the data controller and data protection officer is.

​

Impact

​

Business processes and measures are required to support pseudonymization, commonly referred to as de-identification or anonymization of customer information. Having a simple process to comply with the right to view/access/obtain information is also critical.

​

Solutions

​

Manual: Build a flow process or apex to delete or anonymize requested customer data

​

Automated: Consent Management

​

Next: Article 30

​

​