"I don't know where all our customer data is!" - said no Salesforce admin ;-)
Why keep data inventory?
Perhaps to figure out who has access to customer data
Internally,
Externally - vendors, partners et al.
So that you can put permissions and controls around it
It lets cisos formulate better security coverage,
Streamlines impact assessment aka dpia
And is a requirement under privacy laws,
So, how can you do it?
1. Use Salesforce data classification metadata fields
Enable it, tag fields, report on it, etc.
- Non-extensible, can’t add fields for other data elements
- Update manually for changes :(
- Audit history limited to 180 days
1.B. Download as .csv and maintain in Excel/Sharepoint
- Update manually for changes & it is Excel/Sharepoint :(
2. Use cloud compliance AppExchange package
Gets all metadata with a single button click
Apply audit trail, approvals, workflow, other automation
1 more click for new fields after config changes
Extend to other system inventory
In summary
Doing data inventory is important
It is also required by CCPA, GDPR, LGPD, HIPAA, etc.
How are you doing it?
