The "Individual" Object and Data Privacy

Introduction

Over the last couple of years, there has been an increased attention to data privacy and data protection. In Europe, data privacy and protection is regulated via the General Data Protection Regulation (GDPR) that came in effect in May 2018. We at https://cloudbus.digital are primarily focusing on the Dutch market, and the local implementation of GDPR is the Algemene verordening gegevensbescherming (AVG).

One of the corner stones of GDPR is getting consent from customers to hold their data. According to Article 6 of GDPR, data can only be processed under any one of six reasons; 1) Consent, 2) Contract, 3) Legal obligation, 4) Vital interests, 5) Public task and 6) Legitimate interests.

Spring '18, Salesforce released the standard Individual object to support data privacy and protection. On the Individual object, the customer’s data privacy and data protection preferences are stored. Now that is very abstract. Concrete examples are email consent, mobile consent, phone consent, post consent and profiling consent.

Object Model & Setup

The individual object is accessed via a lookup relationship on the Lead, Contact, Person Account (or custom objects)

The Individual object needs to be enabled in your Org: Go to Setup → Quick Find Box → Data Protection and Privacy → Edit → Make data protection details available in records → Save

Implementation

Once the Individual Object is enabled you will need to create the Individual records and connect them to your Leads, Contacts and Person Account (or custom objects). Out of the box there is no automation to do this, so it can be done with Flow, Apex or manually (not recommended).

Here is an example of how the automation logic could be setup:

1. First define the fields that uniquely identify an Individual. That could be a single field like Citizen Service Number (Burgerservicenummer) and/or a combination of fields like first name + last name + email or phone or mobile phone + birthdate, or other identifying fields.
2. Upon saving a new created Lead/Contact/Person Account validate if an existing matching Individual can be found. If an existing one is found, Link the Lead/Contact/Person Account to the existing individual. ! In this situation we are creating a duplicate Lead/Contact/Person Account. The data model does allow for this and there may be valid business scenarios for creating duplicates. If an existing one is not found, then a new Individual record should be created and be linked to the created Lead/Contact/Person Account.
3. Upon saving an updated Lead/Contact/Person Account, follow the same logic as above. In the ideal situation for all existing Leads/Contacts/Person Accounts Individual records would have been created via a batch process. This would then be a double check.