Matt Rist, Director of Product Delivery

The General Data Protection Regulation (GDPR) is an European Union (EU)  data privacy regulation intended to give EU residents (including UK residents) more control of their data. The GDPR is scheduled to go into effect on May 25, 2018. 

Your association is based in the United States, so why does GDPR affect you? Any organization collecting or processing data from an EU resident must be compliant. (For a detailed explanation of the GDPR and its regulations, please visit the GDPR homepage.) 
 
We anticipate more than 80 percent of our customers will be affected by the GDPR.  

Nimble AMS and achieving GDPR compliance 

During Summer 2018, we are introducing new tools to help your organization on your journey towards GDPR compliance. There are four themes we have followed to offer the most robust solution for an AMS on the Salesforce platform. ​

Leverage the platform 

Salesforce has placed a priority on supporting the GDPR. Nimble AMS will incorporate new capabilities, such as the new Individual Object, in Nimble AMS features, so organizations can effectively leverage them. 

Salesforce is committed to data privacy beyond this legislation. We expect more tools in future releases, and we will integrate them into Nimble AMS when possible, making sure you’re able to take advantage of them. 

Consent tracking capabilities  

For Summer ’18, we’ve added features to easily start tracking a member’s consent preferences and ensure the information is up to date. 

Consent alert in Community Hub 

Community Hub is a great way for customers to provide consent for your association, and accessing their data. For existing users, once you enable consent tracking in Community Hub, the next time they login they will be presented with a consent alert, which can be customized. This alert contains a link to the association’s privacy policy and a button for members to actively consent to permit their data be tracked. For new users, it’s simple to add a card to the Create Account process, which allows they to provide consent and review your privacy policy.  

There are several additional options for making these new tools work for your organization. We have shared some of them to help you get started.  

Consent tracking in staff view 

In staff view, a few new fields have been added so you and your staff can easily see whether a member has given consent and when their last consented date occurred. Part of “Privacy by Default” allows for data subjects to periodically renew their consent. Process builder is a tool for building automation, connecting with to members to renew their consent.  

Transparency 

Many of the compliance features are focused on transparency. It’s designed  for your association to easily share with users how they can use their individual data through privacy policies, consent and cookie alerts. 

Also during Summer ’18, we will introduce a cookie alert to Community Hub. This alert notifies users cookies are being tracked, and, with a click of a button, they can consent to track cookies. If they do not provide consent, they are redirected away from Community Hub. This alert persists until the user clicks the “I Understand” button.  

In Community Hub, you can update the custom label in the footer to link to the association’s privacy policy. If you use a custom Visualforce component to create a footer matching your CMS, it’s advised you include a link to your privacy policy within the footer. 

Individual data access  

We have introduced easy ways for individuals to update information, request a copy of their data, or forget their data entirely. Much of this is achieved through Community Hub. 

First, we’ve added a new page called “My Privacy Settings,” whereby you can use field set forms to expose privacy fields, such as “Don’t Market to Me” to the individual and allow them to update it.  

Members can also request to be forgotten from the “My Privacy Settings” page, requesting their data. This creates a task in “Staff View,” and assigns it to a member of your staff. Anonymizing a user permanently removes any personally identifiable data from all records related to that individual.

One important tool being released with Summer 18 is the anonymization tool. This tool allows your staff to anonymize personally identifiable information for individuals at their request. This tool can be configured by your staff to include any objects and fields your organization has configured that could contain personally identifiable information.

What’s next? 

The May 25 deadline is approaching. If GDPR Compliance is important to you and your organization, here are some simple next steps: 

  • Open a case and request to review the Summer ’18 Preview. We will then upgrade your environments to Summer ’18, and enable the new Data Privacy and Protection features. 
  • Once you are on preview, you can then configure your environment to best meet your needs. If you need additional help, reach out to Client Success, and we can set up a mini-project to get you started.  
  • Most importantly, consult with your legal council. GDPR Compliance is only a small part of new technology regulations. It’s critical your processes, contracts and privacy policies are compliant. 
  • For assistance, join the Data Privacy and Compliance Group in NimbleLand. 
  • Finally, register for the Summer ’18 Release Webinar scheduled for May 30, 2018.

Want to learn more? Here are additional resources for understanding GDPR:  

 ​