Your data retention policy should look holistically at all of the data entering your Salesforce production environments. Pay attention to what kind of data you’re retaining, the sensitivity level of the data, and the regulations that could apply to the data. After categorizing each object, you’ll need to define when to reduce access to that data by deleting completely and when to move the data to your archives. Let’s dive deeper into each step of the process.
1. Identify Key Stakeholders
Before defining and implementing your data retention policy, make sure you identify and communicate with the departments and people that will be impacted.
Who is setting the policy?
2. Determine Applicable Regulations
Certain local, state, federal, international, or industry-imposed regulations have data retention requirements. Hopefully your compliance, risk, and legal departments have already set data retention policies that align with the applicable regulations. Double check with each of these departments to be sure your Salesforce orgs are in compliance to avoid civil, criminal, or financial penalties.
3. Catalogue Your Salesforce Data
To catalogue your data, you’ll need to get together with the stakeholders who are familiar with your Salesforce data to map out the data within your orgs. Below is a simple example of how this can be done. This catalogue will be a precursor to a broader discussion with decision makers in your company.
4. Review Salesforce Data Catalogue and Make Decisions
Questions to ask decision makers as your review the Salesforce data catalogue include:
- Should you even be storing this data in the first place?
- Are there any restrictions on how long you may keep the data?
- In what scenario might you need to access the archived data?
- Who might need access to the data once it’s archived?
- Is the data covered under legal, regulatory, or other obligations?
- Do you actually need to keep the data?
- What about the related data?
5. Document Policies and Actions Based on Decisions
Access to archived data depends on your business drivers. If you’re keeping the data in an archive for regulatory or internal policy reasons, you should limit access to those who need it for regulatory or auditing purposes. For companies archiving to reduce storage costs or clutter, you may want users to have more access to the data. How you implement your data retention policy will depend on which business driver is important to your organization.
6. Implement Your Salesforce Data Retention Policy
Document a retention query/statement for each set of objects/records. For example, if you defined that customer contacts need to be archived four years after your last purchase, you’ll need to create a query of your contact object/customer contacts where the last purchase date is four years ago.
Create the technical documentation that includes a process for executing the queries to delete/archive the records. If you’re going to implement a manual archiving policy, you’ll need to send calendar invites out to the right people to remind them to log in to Salesforce periodically to execute these queries and ensure that the data is either being deleted all together or deleted from production and moved to a lower storage tier. You’ll also need some communication with stakeholders throughout the process so they know who to contact in case they need access to archived data.
Implementing your Salesforce data retention policy can turn into a significant project without a good archiving solution. That’s why we’ve created OwnBackup Archiver to help you automate the whole implementation process after you’ve created your retention policies and rules.
Watch the Best Practices for Salesforce Data Lifecycle Management webinar to learn more about why you should develop a data retention policy for Salesforce.