Salesforce Data Cloud and Customer 360: Free Consulting Workshop

Salesforce is now offering Data Cloud to its customers for free!

Recently announced at Dreamforce 2023, all existing Salesforce customers with Sales Cloud or Service Cloud (Enterprise or Unlimited licenses) now have access to Salesforce Data Cloud. This complimentary package includes two Tableau Creator licenses at no additional cost and Data Cloud licenses for up to 10,000 profiles.

Salesforce Data Cloud is a rapidly evolving product within the Salesforce ecosystem, built natively on Salesforce Lightning, and seamlessly integrates with existing orgs. Salesforce is democratizing access to their customer data platform, ensuring that businesses of all sizes can harness the power of a data platform to connect, unify, and harmonize data, and thus creating a single source of truth for customers (Customer 360). This encompasses external data from company websites, mobile apps, and various business applications/products, as well as internal data from Salesforce orgs. In turn, this will facilitate improvements in sales, marketing, and operations through enhanced personalization, advanced segmentation, improved customer experiences, and more accurate predictions and recommendations. Salesforce Data Cloud offers advanced capabilities to make customer data management seamless.

The complimentary Tableau licenses offer access to a best-in-class business intelligence tool that is leading the adoption of AI and specifically Generative AI with the recently announced AI assistant called Einstein Copilot for Tableau. Tableau integration with Salesforce offers unparalleled opportunities to accelerate data discovery and new insights.

It's worth noting that Salesforce Data Cloud doesn't store data within native Salesforce Objects; instead, it resides in an off-core data lake as an integral part of the packaged solution.

Source: Salesforce

Key Salesforce Data Cloud Integrations

Here are some noteworthy native Salesforce Data Cloud connectors:

- Salesforce CRM
- Marketing Cloud
- Marketing Cloud Personalization (formerly Interaction Studio)
- B2C Commerce

Companies can also benefit from the pre-built Customer 360 Data Model, which serves as the standard data model for Data Cloud. The Customer 360 Data Model is designed to enhance interoperability and streamline the integration of data across various cloud applications. It can be extended to establish data lakes, support data analytics, facilitate machine learning, and more.

Salesforce Data Cloud serves as a pivotal entry point for capitalizing on AI investments. Specifically, AI is seamlessly integrated into Data Cloud to facilitate the harmonization of data from diverse sources and formats, automatically detect and rectify data discrepancies and anomalies, enhance customer data through enrichment, and elevate insights by predicting customer churn, forecasting, and making customer recommendations. Additionally, customers have the capability to leverage Salesforce Einstein Discovery for creating their own bespoke AI models. We consider this approach a pragmatic means of aligning business objectives and goals with the power of AI.

In addition to the Customer 360 features and AI capabilities, a standout feature is the pre-built connectors to both Google BigQuery and Snowflake. These connectors enable effortless access to data with zero duplication. Essentially, this means that you can access your BigQuery/Snowflake data without the need for replication or an ETL (Extract, Transform, Load) process.

Explore Salesforce Data Cloud with Kenway

If you are considering how Salesforce Data Cloud aligns with your Salesforce roadmap, Kenway Consulting is delighted to offer you a complimentary one-hour workshop. These workshops can assist you in understanding the value proposition and making informed decisions regarding your Salesforce product roadmap. To schedule your workshop, please contact us at [email protected].

FAQs:

1. Is Salesforce Data Cloud Secure?

Yes, Salesforce Data Cloud is indeed secure. Salesforce boasts a robust track record of prioritizing data security in Salesforce, with substantial investments made to safeguard their customers' data. Salesforce Data Cloud incorporates a range of security measures to ensure the protection of customer data. These measures include:

Encryption: Salesforce employs encryption for customer data both at rest and in transit. This means that even if unauthorized access is gained to customer data, it remains unintelligible without the encryption key.
Access Control: Salesforce utilizes role-based access control to guarantee that only authorized users have access to customer data. Customers also have the flexibility to configure Salesforce to implement additional security measures, such as multi-factor authentication.
Security Monitoring: Salesforce maintains round-the-clock security monitoring of its systems to detect potential threats. Should any security threat be identified, Salesforce takes immediate action to safeguard customer data.

2. When Was Salesforce Data Cloud Released?

Salesforce Data Cloud was released in 2023, as a rebrand of Salesforce Customer Data Platform (CDP) and Genie. It was first announced at Dreamforce 2022 and became generally available in early 2023.

3. What are some tips for using Salesforce Data Cloud effectively?

Start with a clear plan: Before you start using Salesforce Data Cloud, it is important to have a clear plan for what you want to achieve. This will help you to choose the right features and tools, and to get the most out of your investment.
Get your team on board: Salesforce Data Cloud is a powerful tool, but it is important to get your team on board before you start using it. This means training your team on how to use Salesforce Data Cloud and explaining the benefits of using it.
Monitor your results: It is important to monitor your results after you start using Salesforce Data Cloud. This will help you to identify what is working and what is not, and to make necessary adjustments.

4. Can Salesforce Data Cloud help with data privacy compliance?

Yes, Salesforce Data Cloud can help with data privacy compliance in a number of ways.

Data unification: Salesforce Data Cloud can help you to unify your customer data from across multiple sources and create a single view of each customer. This can help you to better understand your customers and their privacy preferences and enable quick response to privacy inquiries.
Data quality: Salesforce Data Cloud provides tools to help you identify and correct data errors, and to ensure that your data is complete and accurate. This is important for ensuring that you are complying with data privacy regulations, such as the General Data Protection Regulation (GDPR) and the California Privacy Rights Act (CPRA).
Data access control: Salesforce Data Cloud provides role-based access control to ensure that only authorized users have access to your customer data. This can help you to prevent unauthorized access to your customer data and to comply with data privacy regulations.
Data encryption: Salesforce Data Cloud encrypts your customer data at rest and in transit. This helps to protect your data from unauthorized access, even if it is intercepted.
Data audit logging: Salesforce Data Cloud provides audit logging to track all access to your customer data. This can help you to identify any suspicious activity and to comply with data privacy regulations.

In addition to these features, Salesforce Data Cloud also includes a number of tools and resources to help you with data privacy and compliance. For example, Salesforce provides a Data Privacy Center that provides guidance on how to comply with various data privacy regulations. Salesforce also provides a number of pre-built data privacy reports that can help you to assess your compliance with these regulations.

Overall, Salesforce Data Cloud is a powerful tool that can help you to improve your data privacy and compliance posture.

Data Privacy Laws: What You Need to Know

To avoid investigations, fines, and the legal implications of data security incidents, it’s critical for organizations to make data protection a top priority. Data protection laws have been around in some form for decades now and they have entered a new era. With an abundance of personally identifiable information (PII) being constantly shared, regulators are addressing the ethical implications of PII storage and use. The rights of individuals to dictate how their data is being used is of particular concern.

The first major data privacy law in more than 20 years, the General Data Protection Regulation (GDPR), changed the landscape by providing broad-scale protections for consumer data. Since then, new data protection laws have been established or proposed at the state, federal, and international levels. The number of laws will only continue to grow, and existing regulations will evolve quickly.

One of the biggest challenges in remaining compliant with any data privacy law is ensuring your organization has a full understanding of your data. Knowing the business purpose for collecting each data element and having a complete understanding of where your data is stored, where it comes from, and where it goes are all critical components of an implementation plan. Data mapping and advanced planning should be a focus for all organizations that are impacted by data privacy regulations.

At Kenway, we’ve worked with many companies to help them implement changes to their business processes and to their data management framework to ensure they have the infrastructure needed to support regulatory compliance. We thought it would be helpful to provide a running list of the most prominent and recent data privacy laws to help you stay informed. We’ll be updating this page regularly, so be sure to check back for updates as new regulations are passed and current laws are amended!

General Data Protection Regulation (GDPR)

As the first major data privacy regulation in the European Union (EU) since the 1990s, the General Data Protection Regulation (GDPR) serves as a model for other data privacy laws around the world and in the U.S. GDPR covers the data of all residents of the EU’s member states, regardless of where the entity collecting the data is located.

Some of GDPR’s most notable requirements include:

Fines can reach up to €20 million or 4% of global revenue (whichever is higher) and individuals have the right to seek compensation for damages.
Data controllers must demonstrate compliance by taking actions such as designating GDPR responsibilities to employees, maintaining documentation of data collection practices, or appointing a Data Protection Officer.
Organizations must demonstrate “appropriate technical and organizational measures” to manage data security.
Organizations can only collect or process personal information when they can justify the business needs as defined under the terms set forth by the law.
Individuals must give consent for their data to be processed.
Individuals are protected by eight privacy rights, such as the right of access and the right of erasure.

The Federal Trade Commission Act (FTC Act)

While there are currently no data protection laws specific to the U.S., the Federal Trade Commission (FTC) does hold broad authority to enforce consumer protections. As it relates to data privacy, the FTC Act gives the agency the right to prevent deceptive practices, seek monetary redress and relief for conduct that harms consumers, and conduct investigations on entities engaged in commerce.

Here are some of the instances in which the FTC may use this authority to investigate and take action against organizations:

Violations of consumers’ privacy rights
Failure to follow the published privacy policy, or transferring data in a manner not disclosed in the privacy policy
Misleading consumers by failing to maintain security for sensitive information

California Consumer Privacy Act (CCPA)

When it passed in 2018, the California Consumer Privacy Act (CCPA) was the first significant statewide data privacy law in the U.S. It provides consumers who are California residents with greater protections and rights in respect to their personal data. The CCPA applies to businesses that collect consumers’ personal data, do business in the state of California, and either meet certain revenue thresholds or sell personal information.

Some notable provisions are outlined below:

Businesses that violate the CCPA may be liable for a penalty of up to $2,500 for each unintentional violation and $7,500 for each intentional violation.
Consumers whose data "is subject to an unauthorized access and exfiltration, theft, or disclosure" as a result of a business' violation of CCPA can recover damages of $100-$750 or the amount of actual damages, whichever is greater.
Consumers may request that a business delete their personal information and/or provide details on the personal data they store.

California Privacy Rights Act (CPRA)

The California Privacy Rights Act (CPRA) expands the scope of the CCPA. One of its most notable provisions is the creation of an enforcement agency, the California Privacy Protection Agency, to take action against organizations that violate the CCPA. It also expands the definition of protected data to include employee and vendor information.

As of January 1, 2023, the CPRA also requires that:

Any personal information on any California resident is subject to the law, not just consumers.
Any California resident can request to change incorrect information, in addition to removing it.
Companies may only retain personal information for the amount of time necessary and proportionate to the reason it was collected in the first place.
Companies that use third party vendors must require those vendors to exercise the same level of data protection over the shared data as the first party.
Companies must regularly perform privacy assessments.

For more guidance on the tools available to implement CPRA, read this guide.

Québec Privacy Law - Bill 64

The first set of requirements under Bill 64, An Act to modernize legislative provisions as regards the protection of personal information, went into effect on September 22, 2022. The bill makes significant amendments to existing privacy rules covered by various existing laws, most notably the Private Sector Act and the Public Sector Act. It’s expected to have a drastic impact on privacy practices within Québec and may provide a clue to how federal legislation will take shape in Canada. Here are some of the most notable provisions by effective date.

Effective September 22, 2022

Private entities can be fined up to $25,000,000, or an amount equaling 4% of worldwide turnover for the preceding fiscal year, whichever is greater, for failing to meet compliance requirements.
Individuals can be fined up to $100,000 for noncompliance.
Both public and private sector entities must report data breaches, notify those who were affected, and keep a register of confidentiality incidents.
Organizations must designate an individual responsible for privacy legislation.

Effective September 22, 2023

Regulators have up to five years after the date of infraction to take action against offenders.
Under certain circumstances, individuals may request that entities delete some of their personal information or de-index any hyperlink attached to their name.
Upon the collection of personal information, businesses must inform the individual of the purposes of the collection, the means by which the information is collected, the names of third parties that information will be shared with, and the person's right of access, rectification, and withdrawal of consent.

Virginia Consumer Data Protection Act (VCDPA)

Effective as of January 1, 2023, the Virginia Consumer Data Protection Act (VCDPA) is the second statewide data privacy law in the U.S. Though it’s built on the same framework as the CCPA, it’s less expansive in scope.

Residents are protected in an individual household context (such as home internet browsing), but not in a commercial or employment context (such as a job application).
Businesses have a right to data that they believe was lawfully made available to the public, such as information posted on social media.
The sale of personal data is defined solely as an exchange for monetary compensation. Businesses can still transfer personal data to an affiliated or controlled company, have a third party process personal data on their behalf, and disclose personal data if a consumer requests a product or service.
Businesses can also retain the data of consumers who opt out for the purposes of measuring the effectiveness and reach of marketing efforts.

Colorado Privacy Act (CPA)

The Colorado Privacy Act (CPA) provides many of the similar rights and requirements as the CCPA and the VCDPA, however its approach is different. Covered entities are defined as controllers and processors instead of businesses and service providers. Controllers make the primary decisions to manage, collect, and utilize data. Processors maintain and process consumer personal data on behalf of a controller.

Here are some other ways the CPA differs from other state laws:

District attorneys can enforce the law, in addition to the state’s attorney general.
Businesses that process the personal data of 25,000 consumers and receive any revenue or discount from the sale of data are covered, regardless of whether that company derives less than 50% of its gross annual revenue from selling data.
The law doesn’t contain a specific provision for fines. Since a violation is considered a deceptive trade practice, penalties are governed by the Colorado Consumer Protection Act. Under that law, noncompliance can lead to a potentially $20,000 fine per violation.

American Data Privacy Protection Act (ADPPA)

The American Data Privacy Protection Act isn’t the law of the land yet, but it’s the first comprehensive federal data protection law in the U.S. to gain significant bipartisan support. The sweeping legislation covers for-profit and nonprofit entities, with different obligations and exemptions for some organizations. Even if it doesn’t pass as currently written, it does give you a good idea of what federal legislators are focused on. The bill not only addresses data privacy protections, but it also addresses the potentially discriminatory impacts of algorithms.

Notable provisions of the proposed data privacy regulation are:

Information that “identifies or is linked or reasonably linkable” to an individual or a device identifying an individual is protected.
Employee data and publicly available information are excluded.
Covered entities must adopt practices that ensure data security and prevent discrimination and harm by the use of data and algorithms.
The FTC, state attorneys general, and state privacy authorities are granted authority to enforce the law.
Individuals can sue for violations.

Compliance Isn’t Easy. We Can Help.

Because we’re in a new era for data privacy and protection, there’s a lot to learn about the nuances of each regulation and what it means for your business. Even when you understand the requirements of data protection laws, operationalizing compliance is a completely different challenge.

At Kenway, we help organizations get a clear view of their data ecosystem so they can properly identify and protect sensitive data, maintain practices needed for compliance, and report to regulators with confidence. We help you develop a strategic plan for compliance that incorporates data governance, data management, and business processes designed to empower your teams to handle information properly and avoid risks.

Contact our experts to make compliance less complicated.

Data Privacy Laws: FAQs

How long after a data privacy law is enacted does my company have to become compliant?

The amount of time you have to become compliant depends on the effective date defined by the data privacy law. For example, the Colorado Privacy Act (CPA) was signed into law on July 7, 2021 with a July 1, 2023 effective date. Therefore, organizations covered under the law were given roughly two years to put compliance measures in place.

What teams in my organization need to be involved with ensuring compliance with new data privacy law(s)?

The team involved in ensuring compliance should come from several departments throughout the company:

Legal - Interpret the law and confirm that implemented solutions meet its requirements
Data - Define the data lineage (the flow of the data) and the data map (a visualization of how data flows).
Technology - Build process and procedures needed to be able to respond to requests.
Project Managers - Help drive the project to become compliant. These projects span across all technical assets of an organization and involve multiple departments with cross team dependencies that have to be managed. Having someone keeping things organized and keeping the project on track is critical with a project of this scale.

How do I know if a data privacy law impacts my company’s practices? How can I ensure my company remains compliant, despite all the changes to these laws and new privacy regulations being implemented?

Assign someone in your legal organization with the task of keeping up with the data privacy regulations. Alternatively, you can engage an external legal advisor who understands your business and the data privacy landscape.

How much should my company budget for to meet new compliance regulations?

The budget needed to meet data compliance regulations is dependent on the number of technical assets a company has in its ecosystem and the maturity of an organization's data management structure. If you have a complete understanding of data lineage, implementation can be as little as six months. A large organization that is lower on the maturity curve should plan for an 18-month implementation.

What are the 7 principles of GDPR?

GDPR was developed with the following principles:

Lawfulness, fairness and transparency
Purpose limitation
Data minimization
Accuracy
Storage limitation
Integrity and confidentiality
Accountability

What acts are covered by the Data Privacy Act?

Because there is no single overarching federal legislation in the U.S. dedicated to data privacy, the proposed American Data Privacy Protection Act (ADPPA) may overlap with or override some current regulations. Depending on the language in the final passage of the bill, it may override existing privacy laws like the CCPA. It also may overlap with portions of the Children’s Online Privacy Protection Act (COPPA) and the Kids Online Safety Act (KOSA).

What are the key CPRA requirements for January 2023?

Some of the most notable aspects of the CPRA that go into effect in January 2023 include:

Any business that shares personal information must comply.
All California residents are now covered under the law, not just customers.
People can request that their personal information is changed, not just removed.