At Salesforce, trust is our #1 value. The protection of our customers’ data is paramount.

The General Data Protection Regulation (GDPR) is a comprehensive European privacy law that takes effect on May 25, 2018. Salesforce welcomes this law as an important step forward in streamlining data protection requirements across the European Union and as an opportunity for Salesforce to deepen our commitment to data protection.

Salesforce’s GDPR Commitment

We are committed to our customers’ success, including compliance with the GDPR.

Similar to existing privacy laws, compliance with the GDPR requires a partnership between Salesforce and our customers in their use of our services. Salesforce will comply with the GDPR in the delivery of our service to our customers. We are also dedicated to helping our customers comply with the GDPR. We have closely analyzed the requirements of the GDPR, and are working to make enhancements to our products, contracts and documentation to support compliance with the GDPR.

Preparing our Customers for the GDPR

Today we are announcing several resources to help our customers prepare for the GDPR:

• GDPR Resource Website:  We have created a GDPR resource website. In the coming weeks we will be releasing several white papers explaining how customers can comply with key GDPR principles in using our services.

• New Trailhead Module: We have launched a Trailhead module titled “EU Privacy Law Basics,” which provides a detailed overview of the key principles of the GDPR as well as suggested actions for organizations. We hope our customers will take advantage of this free resource and use it to educate their own employees about the GDPR.

• Contractual Addendum: We are also releasing an updated data processing addendum that contains revised or additional provisions to assist our customers with their compliance with the GDPR.

Our Ongoing Commitment to Data Protection

These resources supplement Salesforce’s robust privacy and security program that meets the highest standards in the industry. We have consistently reinforced our commitment to protecting our customers’ data through our actions over the last few years:

• In October 2015, within hours of the European Court of Justice invalidating the EU-U.S. Safe Harbor program, we offered all of our customers a data processing addendum that allowed them to continue to transfer data to Salesforce without interruption.

• In November 2015, we became the first top-10 software company to achieve approval for binding corporate rules for processors from European data protection authorities.

• In August 2016, we became one of the first companies to certify compliance with the EU-U.S. Privacy Shield Framework.

Additionally, our Trust and Compliance documentation provides more information about our privacy and security certifications and controls.

We look forward to working with our customers’ GDPR compliance efforts. For more information, we encourage our customers to visit our GDPR Resource Website and take the EU Privacy Law Basics Module on Trailhead.