# GDPR - Secure and Comply

### What is GDPR? <a href="#what-is-gdpr" id="what-is-gdpr"></a>

The General Data Protection Regulation (GDPR) is a comprehensive data protection law that regulates the use of personal data of EU (European Union) residents and provides individuals the right to exercise control over their data. GDPR came into effect on 25 May 2018. Simply put, the GDPR gives every EU citizen the right to control the way their personal data is processed and places an obligation on every organization to manage data fairly and transparently and to demonstrate their compliance. For more detailed information, visit the [European Commission](https://ec.europa.eu/info/law/law-topic/data-protection/eu-data-protection-rules_en) website.

### What does GDPR cover? <a href="#what-does-gdpr-cover" id="what-does-gdpr-cover"></a>

GDPR is concerned with all kinds of personal data, which is any information relating to an identifiable individual (a data subject).

Although created by the EU, GDPR applies to any organization (or person) with a European presence, or that deals with the personal data of data subjects within the EU.

### Benefits of GDPR Compliance <a href="#benefits-of-gdpr-compliance" id="benefits-of-gdpr-compliance"></a>

There are many positive business outcomes of compliance with GDPR including efficient data management, streamlined processes, transparency, security, better internal controls, risk reduction, long-term cost reduction, and updated technology.

### Our Commitment to GDPR <a href="#our-commitment-to-gdpr" id="our-commitment-to-gdpr"></a>

We believe in our service and can provide the level of protection for compliance with the EU General Data Protection Regulation.

* All Salesforce data backed up in Vault is kept secure.
* EU citizens have the right to access their Salesforce data.
* The use of personal data collected within Vault is done in a legal, fair, and reasonable way.

### W**hat features within Vault support compliance with GDPR requirements?** <a href="#what-features-within-vault-support-compliance-with-gdpr-requirements" id="what-features-within-vault-support-compliance-with-gdpr-requirements"></a>

Vault provides industry-standard security measures such as encryption, multi-factor authentication, access controls, and auditing to support compliance with GDPR rules.

#### R**ight of Access** <a href="#right-of-access" id="right-of-access"></a>

As per [Article 15 of the GDPR](https://gdpr-info.eu/art-15-gdpr/), individuals have the right to obtain access to their personal data, so that they are aware of and can verify the lawfulness of the processing. The information must be provided within 30 days of a request, free of charge.

**Vault:** Upon request, we quickly respond to requests for data access that contains your Salesforce information.

#### R**ight to Data Portability** <a href="#right-to-data-portability" id="right-to-data-portability"></a>

As per [Article 20 of the GDPR](https://gdpr-info.eu/art-20-gdpr/), individuals have the right to move, copy or transfer personal data easily and securely from one IT environment to another.

**Vault:** Based on a user's permission level, entire Salesforce metadata/ data components can be removed from our platform.

#### Right to Be Forgotten Request <a href="#right-to-be-forgotten-request" id="right-to-be-forgotten-request"></a>

[Article 17 of the GDPR](https://gdpr-info.eu/art-17-gdpr/), the right to erasure, also known as the right to be forgotten or RTBF, enables individuals to request the deletion or removal of their personal data when there is no compelling reason for its continued processing.

**Vault:** Your files stored in Vault are easily searchable and based on your user’s permission level in Vault, you can delete them.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://knowledgebase.autorabit.com/product-guides/vault/vault-features/compliance/gdpr-secure-and-comply.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.