Given the sensitive nature of personally identifiable information (PII), there are multiple regulations businesses need to be aware of when they collect email addresses, payment information or anything else that could potentially identify a customer.
But securing PII is more than just adhering to compliance regulations — it also helps you build trust with your customers, and lets them know their privacy is paramount when they connect with you.
Unfortunately, PII compliance can be challenging — particularly for organizations with complex enterprise systems or large user databases. We’ve created this step-by-step PII compliance checklist to help make sure you’re properly protecting your most sensitive data.
You can’t properly protect PII if you don’t know where it is. The first step in protecting your sensitive data is discovering where it resides in your business applications.
A preliminary review of where PII is (or could be) stored will likely return a large volume of data. Not all of it will be relevant. Data classification will help you flag the systems and processes that will be most critical to PII compliance.
Data classification gives you an excellent position to develop risk-based PII compliance policies. Once you know where your sensitive personal data lies, you can create rules for managing it effectively. This not only helps with PII compliance, it will improve the overall quality of your data as well as big-picture issues like security and business continuity.
*Note: Data classification is a critical tool for compliance and security — and luckily, we have a few resources to get you started:*
A privacy impact assessment tests the effectiveness of your data governance framework and lets you know if there are any gaps you should be concerned with.
After you’ve completed the steps above, you should be ready to implement the processes you’ve laid out in your PII governance framework. This step, as you can imagine, is the most important aspect of PII compliance; if you don’t bring your data protection policies to life, then they are useless.
Just getting started on your compliance journey? Check out our article on GDPR in Salesforce before you go!