First you need to create a Ref Model, either by sync with your Salesforce Org or by creating a Ref Model via a CSV import. Then enable GDPR categorization on this Ref Model from the details tab in the right panel.
Now that you have a Ref Model with all the fields from all the objects/lists/databases, you need to categorize them:
- Special Personal Data
- Personal Data
- Unassessed - Potential
- Not Applicable
The first time you run the Salesforce sync, it will automatically categorize SOME fields for you for standard objects (Account, Contact etc.). You are still responsible for reviewing and confirming every field.
Manual categorization of Special Personal Data & Personal Data
You can then go through every field and - ONLY for those that are "Special Personal Data" or "Personal Data" - select the field Status from the dropdown and fill out the supporting information fields. Leave all those that are "Not Applicable" as "Unassessed" because you can change them all in a single click.
Once you categorize data as either "Personal" or "Special Personal" you will see extra fields to capture additional compliance information:
- retention period - specify number of years and months for which you plan to hold this data
- legal basis - choose from dropdown explaining why you hold this data
- reason for legal basis - your reasons for keeping the data
- needs to be encrypted - check box if data needs to be protected
- sources of data - choose resources from the library to specify where you get the data from
- recipients of data - choose resources from the library to specify where you send the collected data
- additional notes - capture any additional, custom information you require
Copying and pasting GDPR compliance data
You can quickly set compliance information for any GDPR-enabled node using the copy/paste functionality. Select a GDPR-enabled node, right-mouse click and select "Copy GDPR data". The GDPR settings for status and all additional fields will be copied from that node.
Select a different GDPR-enabled node, right-mouse click and select "Paste GDPR data". All the compliance settings from the previous node are now applied to the selected one.
"Bulk validation" changes of all "Unassessed" to "Not Applicable"
Once you have categorized every field that is "Special Personal Data" or "Personal Data", the rest of the fields can be marked "Not Applicable".
You can do this with ONE CLICK. At the parent node level, right mouse click and select "GDPR- set Not Applicable". This will set every child node that is currently "Unassessed" to "Not Applicable". You will get a warning before you commit.