Firstly, you need to create a Ref Model, either by sync with your Salesforce Org or by creating a Ref Model via a CSV import. Then enable data privacy categorization on this Ref Model from the details tab in the right panel.
Now that you have a Ref Model with all the fields from all the objects/lists/databases, you need to categorize them:
- Special Personal Data
- Personal Data
- Unassessed - Potential
- Not Applicable
The first time you run the Salesforce sync, it will automatically categorize SOME fields for you for standard objects (Account, Contact, etc.). You are still responsible for reviewing and confirming every field.
Manual categorization of Special Personal Data & Personal Data
You can then go through every field and - ONLY for those that are "Special Personal Data" or "Personal Data" - select the field Status from the dropdown and fill out the supporting information fields. Leave all those that are "Not Applicable" as "Unassessed" because you can change them all in a single click.
Once you categorize data as either "Personal" or "Special Personal" you will see extra fields to capture additional compliance information:
- retention period - specify the number of months or years for which you plan to hold this data
- legal basis - choose from the dropdown explaining why you hold this data
- reason for legal basis - your reasons for keeping the data
- needs to be encrypted - check this box if data needs to be protected
- sources of data - choose resources from the library to specify where you get the data from
- recipients of data - choose resources from the library to specify where you send the collected data
- additional notes - capture any additional, custom information you require
Copying and pasting data privacy compliance data
You can quickly set compliance information for any data privacy-enabled node using the copy/paste functionality. Select a data privacy-enabled node, right-mouse click and select "Copy data privacy data". The data privacy settings for status and all additional fields will be copied from that node.
Select a different data privacy-enabled node, right-mouse click and select "Paste data privacy data". All the compliance settings from the previous node are now applied to the selected one.
"Bulk validation" changes of all "Unassessed" to "Not Applicable"
Once you have categorized every field that is "Special Personal Data" or "Personal Data", the rest of the fields can be marked "Not Applicable".
You can do this with ONE CLICK. At the parent node level, right mouse click and select "Data privacy- set Not Applicable". This will set every child node that is currently "Unassessed" to "Not Applicable". You will get a warning before you commit.