In today’s connected world where so much information is collected, consumers are more aware of how much of their data is captured. They want better control of their communication preferences, such as email, texts, and phone calls. It’s up to organizations who collect that data to: properly manage their customers’ privacy and communication preferences; adhere to privacy laws, such as the European Union General Data Protection Regulation (GDPR) and the California Privacy Rights Act (CPRA); and maintain compliance with the ever changing landscape brought on by numerous US state and federal laws.
Managing the complexity of communications, privacy, and compliance can be daunting, but Salesforce provides a number of tools within the Salesforce Platform to help you stay compliant and meet your customers’ needs around preference management.
Individual object in the Salesforce Platform
The first step is to take advantage of the Individual object in the Salesforce platform. When you first encounter a customer who’s interested in your products or services, you would enter their information as a lead. Once the person purchases your product or service, you can convert that lead to a Contact Object, or that customer’s information can be stored in a Person Account. There’s also a chance that the person’s information is stored in multiple objects. Maybe their legal name is Johnathan Smith, but they go by John or Johnny. There could be some contacts with the same email, but entered once as John Smith, and another time as Johnny Smith. The Individual Object will help you manage preferences for that person across the multiple objects in this scenario or a single user record. The Individual Object also enables:
- Collecting, storing, and sharing of personal data
- Packaging personal data so customers can take ownership of it
- Deleting records and personal data
- Solicitation of products and services
- Tracking their geolocation and web activity
Salesforce Consent Data Model
The Individual Object is a big component of the Salesforce Consent Data Model (image below). This data model is the foundation of Salesforce’s long-term view of consent. It considers the individual’s entire experience, not just a single contact point.
Let’s explain the model using this scenario: A user (Individual) would like to be contacted via email (ContactPointTypeConset), but only using their personal email address (ContactPointConsent) for promotional emails (Data Use Purpose). You can add the option for SMS texting (ContactPointTypeConsent) at a later date for shipping notifications (Data Use Purpose). The data model enables you to manage multiple types of consent across multiple brands for different data use purposes. The Individual Object is the key for tying all those different scenarios to a single person. This enables your organization to better manage compliance requirements around consent management.
Managing customer preferences with Privacy Center
Once you’ve enabled the Individual Object and have an understanding of the model, the next item to think about is how to enable the customer to manage their preferences. Before you start configuring the Salesforce platform, you’ll need to plan for the implementation. There are a lot of items to think about, including:
- Understanding the business process and creating policies around how the data will be used
- Reviewing the Salesforce Consent Data Model to ensure you understand how you want to capture consent. One method would be to use the Consent Capture Flow Template created by Salesforce Labs
- Developing policies and procedures for tracking and and reporting Data Subject Access Requests (DSAR)
- Verifying that your processes align with any legal and compliance requirements that your organization will need to follow
Now that you’ve developed your policies and procedures you can start implementing the technology to meet those goals. We recommend using Salesforce Privacy Center to easily configure preference management and track the process. Privacy Center enables you to create easy-to-use forms that you can insert into any website or email. Privacy Manager will help you securely capture customer preferences for how, why, and when you can contact them.
Keep data safe and ensure compliance with easy-to-use tools
Salesforce Privacy Center makes it easy to manage how your Salesforce org retains, deletes, anonymizes, and transfers customer data. Use customizable features to meet data privacy laws like GDPR, CCPA, AND CPRA.
How to start
The first step to manage preferences is to launch Privacy Center and set up consent templates in Privacy Preference Manager. This enables you to customize your contact point types (e.g., phone, web, social). You can either do this with Apex or use the interface in Privacy Center. These templates can be used across multiple brands and business lines so you have a consistent set of forms that are tailored to your specific business and compliance needs.
From there you can use a template to create a form that your customer will use to enter their preferences. Once the form is created, you can drag and drop the form in Experience Builder. Or you can take the code and embed it into your own site. This ensures that your end users will have a consistent experience across sites and brands.
There are many other functions that Privacy Center can accomplish. Such as tracking data subject access, right to be forgotten requests, and anonymizing or pseudonymizing data in production. All of these tools will help you manage your data and ensure you’re meeting your regulatory requirements. More importantly, by utilizing the Individual Object along with Privacy Center, you’ll be able to track and monitor your customers’ preferences and provide them with an integrated and easy experience to ensure you’re meeting compliance requirements.
General Data Protection Regulation
Salesforce remains committed to helping our customers comply with the General Data Protection Regulation (GDPR) through our robust privacy and security protections.