Configuring Data Regulation Policies

The InCountry for Salesforce package lets you configure the required data regulation policies for different Salesforce objects.

The app deals with the following:

  • Data regulation policies

  • Data restriction levels

Data regulation policies

The InCountry for Salesforce app supports the three data regulation policies, as follows:
PolicyDescription
RedactionRegulated data is stored within the origin country and cannot leave it. Data is saved to the InCountry platform only. Date requests from Salesforce in the origin country are made directly to the REST API of InCountry’s Point-of-Presence in the origin country. Regulated data is not saved to Salesforce.
RestrictionRegulated data is stored within the origin country, but can leave it in some cases when it is read. Data is saved to the InCountry platform. Data requests from Salesforce in the non-origin country are made to the REST API of InCountry’s Point-of-Presence in the origin country. Regulated data is not saved to the Salesforce.
ReplicationRegulated data is first saved in the origin country, then the data can be replicated to other countries. In this case, regulated data is saved to the InCountry platform, and then it is replicated to Salesforce.
note

The InCountry for Salesforce solution lets you use only one data regulation policy for your objects per one Salesforce instance. The mixed usage of several data regulation policies will be supported in future releases.

Data restriction levels

The InCountry for Salesforce app enables configuration of the data regulation policies for the three restriction levels, as follows:
Restriction levelDescription
Organization-wideThis configuration is used when all records within your organization attribute to the one country, so you do not have to specify the country on the object or record levels. This configuration is overridden by the object- or record-level configuration.
Object-levelThis configuration is used when some objects within your Salesforce instance may attribute to one country, while the others to another country. You can override the organization-wide configuration with the object-level configuration (for example, Account > US, Contact > RU). This configuration if overridden by the object-level configuration.
Record-levelThis configuration is used when you need to specify the origin country on the record level. When using this configuration, you need to provide the Salesforce field which contains the country code (for example. Account records > Country_c, Contact Record > Country2_c).

Adding the data regulation policy

note

You must attribute to the InCountry Admin user to access this section.

  1. On the menu, select Settings. The page with the app settings loads, as follows:

  2. In the Select Object box, start entering the name of the Salesforce object which you want to define the data regulation policy for (for example, Lead).

    Select Object

  3. Select the Salesforce object from the prompted options.

  4. In the Type box, select the restriction level which you want to apply to the selected Salesforce object, as follows:

    • Organization - the data regulation policy is applied to the entire organization and all records within this organization. This way you can set the origin country for the organization.

    • Object - the data regulation policy overrides the organization-wide configuration for the selected Salesforce object. In this case the Lead object will attribute to the selected country, while all the other Salesforce objects will belong to the country defined by the organization-wide configuration, unless another country is defined in the object-level configuration.

    • Record - the data regulation policy overrides the object-level configuration. In this case, for each record within the Lead object you can specify the appropriate origin country.

  5. In the Country box, select code of the country for storing the regulated data.

  6. In the Behavior box, select the data regulation policy, as follows:

    • Redaction

    • Restriction

    • Replication

  7. In the Select Field box, start entering the field which will contain the country code. This field will be used to identify which country the data is stored in. This option is available for records only.

  8. When complete, click Add.

note

Salesforce Lightning supports the redaction and restriction data regulation policies only. The replication model can be used in Salesforce Classic only.

Editing the data regulation policy

  1. Select the Salesforce object which data regulation policy you want to modify.

  2. Once its configuration loads, locate the policy type which you want to modify.

  3. Make the appropriate modifications.

  4. When complete, click Save.

warning

When you change the country for a specific data regulation policy of the object, the InCountry for Salesforce app performs data migration to the newly selected country. Please consider this while modifying settings of the data regulation policy.

Deleting the data regulation policy

  1. Select the Salesforce object which data regulation policy you want to delete.

  2. Once its configuration loads, locate the policy type which you want to delete.

  3. Click the Delete icon.

Deleting all policies

You can delete all data regulation policies configured for the currently selected Salesforce object.

  1. Click Delete Policies.

Deleting all data regulation policies and PROTECTED fields for the object

You can delete all data regulation policies and PROTECTED fields configured for the currently selected Salesforce object.

  1. Select the Salesforce object which all data regulation policies and PROTECTED fields you want to delete.

  2. Click Delete All.

Running synchronization

Once you have configured all the data regulation policies and PROTECTED fields for Salesforce objects, you can instantly synchronize them between Salesforce and the InCountry Platform. In this case, the synchronization mechanism will transfer the regulated data from Salesforce to the InCountry Platform for all the records of a specific Salesforce object.

  1. Select the Salesforce object which records you want to synchronize.

    Select the Salesforce object

  2. Click Run Sync.

  3. Wait for a while as it may take some time to synchronize records.

After the data synchronization, regulated data may be shown as tokenized when using the redaction policy.

The status of data synchronization will be shown in the Runned Jobs block and in the Apex Jobs section. If the data synchronization is interrupted by occurrence of an error, please check the configuration of your data fields or contact the InCountry support team.

Upon a successful data synchronization, an email with synchronization details will be delivered to your mailbox. After the data synchronization you can proceed to management of records within the synchronized Salesforce object.

Loading the InCountry for Salesforce appConfiguring the PII Fields