Configuring Data Regulation Policies

The InCountry for Salesforce package lets you configure the required data regulation policies for different Salesforce objects.

The app deals with the following:

  • Data regulation policies

  • Data restriction levels

Data regulation policies

The InCountry for Salesforce app supports the three data regulation policies, as follows:

PolicyDescription
RedactionRegulated data is stored within the origin country and cannot leave it. Data is saved to the InCountry platform only. Date requests from Salesforce in the origin country are made directly to the REST API of InCountry’s Point-of-Presence in the origin country. Regulated data is not saved to Salesforce.
RestrictionRegulated data is stored within the origin country, but can leave it in some cases when it is read. Data is saved to the InCountry platform. Data requests from Salesforce in the non-origin country are made to the REST API of InCountry’s Point-of-Presence in the origin country. Regulated data is not saved to the Salesforce.
ReplicationRegulated data is first saved in the origin country, then the data can be replicated to other countries. In this case, regulated data is saved to the InCountry platform, and then it is replicated to Salesforce.
note

The InCountry for Salesforce solution lets you use only one data regulation policy for your objects per one Salesforce instance. The mixed usage of several data regulation policies will be supported in future releases.

Data restriction levels

The InCountry for Salesforce app enables configuration of the data regulation policies for the three restriction levels, as follows:

Restriction levelDescription
Organization-wideThis configuration is used when all records within your organization attribute to the one country, so you do not have to specify the country on the object or record levels. This configuration is overridden by the object- or record-level configuration.
Object-levelThis configuration is used when some objects within your Salesforce instance may attribute to one country, while the others to another country. You can override the organization-wide configuration with the object-level configuration (for example, Account > US, Contact > RU). This configuration if overridden by the object-level configuration.
Record-levelThis configuration is used when you need to specify the origin country on the record level. When using this configuration, you need to provide the Salesforce field which contains the country code (for example, Account records > Country_c, Contact Record > Country2_c).

Adding the data regulation policy

note

You must attribute to the InCountry Admin user to access this section.

  1. On the menu, select Settings. The page with the app settings loads, as follows:

    Select Settings

  2. In the Select Object box, start entering the name of the Salesforce object which you want to define the data regulation policy for (for example, Lead).

  3. Select the Salesforce object from the prompted options.

    Select Object

  4. With the selected Salesforce object, click Add Policy. The Add Policy form opens.

    Add Policy

  5. In the Type box, select the restriction level which you want to apply to the selected Salesforce object, as follows:

    • Organization - the data regulation policy is applied to the entire organization and all records within this organization. This way you can set the origin country for the organization.

    • Object - the data regulation policy overrides the organization-wide configuration for the selected Salesforce object. In this case the Lead object will attribute to the selected country, while all the other Salesforce objects will belong to the country defined by the organization-wide configuration, unless another country is defined in the object-level configuration.

    • Record - the data regulation policy overrides the object-level configuration. In this case, for each record within the Lead object you can specify the appropriate origin country.

  6. In the Behavior box, select the data regulation policy, as follows:

    • Redaction

    • Restriction

    • Replication

  7. In the Destination Country box, select code of the country for storing the regulated data according to the select data regulation model.

  8. Move the Controlled By Parent toggle right to enable the inheritance of configuration from the parent object if applicable. If there is no parent object for the current Salesforce object leave it as is.

  9. In the Source Field box start entering the name of the field which contains the country value (not necessarily in ISO format). The app will use the value of this field as an alias.

  10. In the Source Field Value box, enter the name of the country as you specify it while creating or editing records of this Salesforce object. This way the InCountry for Salesforce package will use the stored value as an alias for determining what country data should be written to. Here you can use ISO country codes (US, RU, FR), country names (Russian Federation, United States), or any other variation of country different from the ISO country format (Russia, Deutschland). The value stored within the field will be mapped to the country code you select in the Destination Country box. This option is available for configuration at the record level only.

  11. When complete, click Add.

note

Salesforce Lightning supports the redaction, restriction and replication data regulation policies. Salesforce Classic supports the replication policy only.

Editing the data regulation policy

  1. Select the Salesforce object which data regulation policy you want to modify.

  2. Delete existing data regulation policy for the selected object.

  3. Re-create the configuration from scratch according to your need.

  4. When complete, click Save.

warning

When you change the country for a specific data regulation policy of the object, the InCountry for Salesforce app performs data migration to the newly selected country. Please consider this while modifying settings of the data regulation policy.

Deleting the data regulation policy

  1. Select the Salesforce object which data regulation policy you want to delete.

  2. Once its configuration loads, locate the policy type which you want to delete.

    Locate Policy

  3. Click the Delete icon.

Deleting all policies

You can delete all data regulation policies configured for the currently selected Salesforce object.

  1. Click Delete Policies.

Deleting all data regulation policies and PROTECTED fields for the object

You can delete all data regulation policies and PROTECTED fields configured for the currently selected Salesforce object.

  1. Select the Salesforce object which all data regulation policies and PROTECTED fields you want to delete.

  2. Click Delete All.

Running synchronization

Once you have configured all the data regulation policies and PROTECTED fields for Salesforce objects, you can instantly synchronize them between Salesforce and the InCountry Platform. In this case, the synchronization mechanism will transfer the regulated data from Salesforce to the InCountry Platform for all the records of a specific Salesforce object.

  1. Select the Salesforce object which records you want to synchronize.

    Select the Salesforce object

  2. Click Run Sync.

  3. Wait for a while as it may take some time to synchronize records.

After the data synchronization, regulated data may be shown as tokenized when using the redaction policy.

The status of data synchronization will be shown in the Runned Jobs block and in the Apex Jobs section. If the data synchronization is interrupted by occurrence of an error, please check the configuration of your data fields or contact the InCountry support team.

Upon a successful data synchronization, an email with synchronization details will be delivered to your mailbox. After the data synchronization you can proceed to management of records within the synchronized Salesforce object.

Loading the InCountry for Salesforce appConfiguring the PROTECTED Fields