action.skip

How to monitor sensitive data?

← Legal FAQ ← Salesforce Environment FAQ

Your business must comply with multiple data protection and data privacy requirements. In order to support data management policies with this respect, you can classify sensitive data on the field level. For example, you can categorize a field as holding personally identifiable information and, consequently, monitor the data – contributing to compliance.

In Salesforce, data classification is achieved through metadata applied to any standard or custom object field. Using this metadata, you record the data owner, field usage, data sensitivity, and compliance categorization.

jo_faq_legal_data_class
Defining sensitivity-related metadata

The following data classification metadata fields are available:

Field Description
Data Owner The person or group responsible for the field's data.
Field Usage Shows whether the field is in use.
Data Sensitivity Level The sensitivity of the field's data.
Compliance Categorization The laws, regulations, definitions or other legal resources that are related to the field's data, like GDPR (EU General Data Protection Regulation) or PCI (Payment Card Industry).

Salesforce provides a number of default values for commonly used classifications. You can, however, customize the available values according to your business requirements.

Here is a rough outline of what to do:

  1. Identify all data fields that hold sensitive data.

  2. Apply the required metadata to these fields.

    1. Navigate to the fields list of the relevant object.
    2. Click Edit in the row of the field you want to edit.
    3. Select the values for Data Owner, Field Usage, Data Sensitivity Level and Compliance Categorization as required.
    4. Click Save.

  3. Create reports that cover your data management policies.

    For details, see Create Reports from Data Classification Metadata in the Salesforce Help.

    This helps you to monitor sensitive data and, consequently, answer requests with respect to data protection and data privacy requirements.

Info

In addition, data classification can guide decisions around access privileges, allowing to expose different data sets to different sets of users.

Related information:

Does JustOn comply with the EU GDPR?
Accounting Standard Compliance
Data Protection and Privacy | Salesforce Help
Classify Sensitive Data to Support Data Management Policies | Salesforce Help