salesforce-data-handling
Implement Salesforce data privacy, GDPR/CCPA compliance, and field-level encryption patterns. Use when handling PII in Salesforce records, implementing data subject access requests, or configuring Salesforce Shield encryption. Trigger with phrases like "salesforce data privacy", "salesforce PII", "salesforce GDPR", "salesforce data retention", "salesforce encryption", "salesforce CCPA".
Best use case
salesforce-data-handling is best used when you need a repeatable AI agent workflow instead of a one-off prompt.
Implement Salesforce data privacy, GDPR/CCPA compliance, and field-level encryption patterns. Use when handling PII in Salesforce records, implementing data subject access requests, or configuring Salesforce Shield encryption. Trigger with phrases like "salesforce data privacy", "salesforce PII", "salesforce GDPR", "salesforce data retention", "salesforce encryption", "salesforce CCPA".
Teams using salesforce-data-handling should expect a more consistent output, faster repeated execution, less prompt rewriting.
When to use this skill
- You want a reusable workflow that can be run more than once with consistent structure.
When not to use this skill
- You only need a quick one-off answer and do not need a reusable workflow.
- You cannot install or maintain the underlying files, dependencies, or repository context.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in
.claude/skills/salesforce-data-handling/SKILL.mdinside your project - Restart your AI agent — it will auto-discover the skill
How salesforce-data-handling Compares
| Feature / Agent | salesforce-data-handling | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
What does this skill do?
Implement Salesforce data privacy, GDPR/CCPA compliance, and field-level encryption patterns. Use when handling PII in Salesforce records, implementing data subject access requests, or configuring Salesforce Shield encryption. Trigger with phrases like "salesforce data privacy", "salesforce PII", "salesforce GDPR", "salesforce data retention", "salesforce encryption", "salesforce CCPA".
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
Related Guides
AI Agents for Marketing
Discover AI agents for marketing workflows, from SEO and content production to campaign research, outreach, and analytics.
Best AI Agents for Marketing
A curated list of the best AI agents and skills for marketing teams focused on SEO, content systems, outreach, and campaign execution.
Best AI Skills for Claude
Explore the best AI skills for Claude and Claude Code across coding, research, workflow automation, documentation, and agent operations.
SKILL.md Source
# Salesforce Data Handling
## Overview
Handle sensitive data correctly when integrating with Salesforce: PII classification, GDPR/CCPA compliance with Salesforce's Individual object, data retention, and field-level encryption.
## Prerequisites
- Understanding of GDPR/CCPA requirements
- Salesforce org with data classification enabled (Setup > Data Classification)
- For encryption: Salesforce Shield license (Platform Encryption)
## Instructions
### Step 1: Salesforce Data Classification
```typescript
// Salesforce has built-in data classification on fields
// Setup > Object Manager > [Object] > Fields > [Field] > Edit > Data Sensitivity Level
// Query field classification metadata
const conn = await getConnection();
const contactMeta = await conn.sobject('Contact').describe();
const sensitiveFields = contactMeta.fields
.filter((f: any) => f.compoundFieldName === null) // Skip compound fields
.map((f: any) => ({
name: f.name,
label: f.label,
type: f.type,
encrypted: f.encrypted || false,
// Check custom data sensitivity via field metadata
}));
// PII fields in standard Salesforce objects
const PII_FIELDS: Record<string, string[]> = {
Contact: ['FirstName', 'LastName', 'Email', 'Phone', 'MailingAddress', 'Birthdate'],
Lead: ['FirstName', 'LastName', 'Email', 'Phone', 'Company'],
Account: ['Phone', 'Website'], // Less PII, but may contain it
User: ['Email', 'Phone', 'Username'],
Case: ['SuppliedEmail', 'SuppliedName', 'SuppliedPhone'],
};
```
### Step 2: GDPR — Individual Object & Consent
```typescript
// Salesforce has a built-in "Individual" object for GDPR consent tracking
// Setup > Data Protection and Privacy > Enable Individual object
// Link Contact to Individual for consent tracking
await conn.sobject('Individual').create({
FirstName: 'Jane',
LastName: 'Smith',
HasOptedOutTracking: false,
HasOptedOutProcessing: false,
HasOptedOutSolicit: true,
});
// Check consent before processing
const contact = await conn.query(`
SELECT Id, FirstName, LastName, Email,
Individual.HasOptedOutTracking,
Individual.HasOptedOutProcessing
FROM Contact
WHERE Id = '003xxxxxxxxxxxx'
`);
const individual = contact.records[0]?.Individual;
if (individual?.HasOptedOutProcessing) {
console.log('Contact has opted out of data processing — skip');
}
```
### Step 3: Data Subject Access Request (DSAR)
```typescript
// GDPR Article 15: Right of Access
async function exportContactData(contactId: string): Promise<object> {
const conn = await getConnection();
// Gather all data related to this contact
const [contact, cases, activities, opportunities] = await Promise.all([
conn.query(`
SELECT FIELDS(ALL) FROM Contact WHERE Id = '${contactId}' LIMIT 1
`),
conn.query(`
SELECT Id, Subject, Description, CreatedDate, Status
FROM Case WHERE ContactId = '${contactId}'
`),
conn.query(`
SELECT Id, Subject, ActivityDate, Description
FROM Task WHERE WhoId = '${contactId}'
`),
conn.query(`
SELECT Id, Name, StageName, Amount
FROM Opportunity WHERE Id IN (
SELECT OpportunityId FROM OpportunityContactRole WHERE ContactId = '${contactId}'
)
`),
]);
return {
exportDate: new Date().toISOString(),
subject: 'Data Subject Access Request',
contact: contact.records[0],
cases: cases.records,
activities: activities.records,
opportunities: opportunities.records,
};
}
```
### Step 4: Right to Deletion (Right to be Forgotten)
```typescript
// GDPR Article 17: Right to Erasure
async function deleteContactData(contactId: string): Promise<void> {
const conn = await getConnection();
// 1. Delete related records first (due to lookup relationships)
const tasks = await conn.query(`SELECT Id FROM Task WHERE WhoId = '${contactId}'`);
if (tasks.records.length > 0) {
await conn.sobject('Task').destroy(tasks.records.map((t: any) => t.Id));
}
// 2. Delete the contact
await conn.sobject('Contact').destroy(contactId);
// 3. Audit log (required — don't delete this)
await conn.sobject('Integration_Log__c').create({
Action__c: 'GDPR_DELETION',
Record_Id__c: contactId,
Object_Type__c: 'Contact',
Timestamp__c: new Date().toISOString(),
});
// 4. Delete from local caches/databases too
console.log(`Contact ${contactId} deleted from Salesforce (GDPR erasure)`);
}
```
### Step 5: Data Redaction in Logs
```typescript
// NEVER log raw Salesforce records containing PII
function redactSfRecord(record: Record<string, any>, objectType: string): Record<string, any> {
const piiFields = PII_FIELDS[objectType] || [];
const redacted = { ...record };
for (const field of piiFields) {
if (redacted[field]) {
redacted[field] = '[REDACTED]';
}
}
return redacted;
}
// Usage in logging
const contacts = await conn.query('SELECT Id, FirstName, LastName, Email FROM Contact LIMIT 5');
for (const contact of contacts.records) {
console.log('Processing:', redactSfRecord(contact, 'Contact'));
// Logs: { Id: '003xx', FirstName: '[REDACTED]', LastName: '[REDACTED]', Email: '[REDACTED]' }
}
```
### Step 6: Salesforce Shield Platform Encryption
```
For field-level encryption at rest (Salesforce Shield license required):
Setup > Platform Encryption > Encryption Policy:
- Encrypt: Contact.Email, Contact.Phone, Lead.Email
- Key Management: Salesforce-managed or customer-managed (BYOK)
Limitations of encrypted fields:
- Cannot use in WHERE clause (use deterministic encryption for filters)
- Cannot use in ORDER BY
- Cannot use in aggregate functions
- SOQL LIKE operator not supported on encrypted fields
```
## Output
- Data classification for PII fields documented
- GDPR consent tracking via Individual object
- DSAR export function for data subject access
- Right to deletion with audit trail
- Log redaction preventing PII exposure
## Error Handling
| Issue | Cause | Solution |
|-------|-------|----------|
| `FIELD_NOT_FOUND: Individual` | Individual object not enabled | Setup > Data Protection > Enable Individual |
| Can't delete Contact | Related records exist | Delete related Tasks/Events first |
| Encrypted field in WHERE | Shield encryption limitation | Use deterministic encryption or query differently |
| PII in logs | Missing redaction | Wrap all SF logging with redactSfRecord |
## Resources
- [Salesforce Data Protection & Privacy](https://help.salesforce.com/s/articleView?id=sf.data_protection_and_privacy.htm)
- [Individual Object](https://developer.salesforce.com/docs/atlas.en-us.object_reference.meta/object_reference/sforce_api_objects_individual.htm)
- [Shield Platform Encryption](https://help.salesforce.com/s/articleView?id=sf.security_pe_overview.htm)
- [GDPR Compliance in Salesforce](https://www.salesforce.com/company/privacy/)
## Next Steps
For enterprise access control, see `salesforce-enterprise-rbac`.Related Skills
generating-test-data
Generate realistic test data including edge cases and boundary conditions. Use when creating realistic fixtures or edge case test data. Trigger with phrases like "generate test data", "create fixtures", or "setup test database".
managing-database-tests
Test database testing including fixtures, transactions, and rollback management. Use when performing specialized testing. Trigger with phrases like "test the database", "run database tests", or "validate data integrity".
encrypting-and-decrypting-data
Validate encryption implementations and cryptographic practices. Use when reviewing data security measures. Trigger with 'check encryption', 'validate crypto', or 'review security keys'.
scanning-for-data-privacy-issues
Scan for data privacy issues and sensitive information exposure. Use when reviewing data handling practices. Trigger with 'scan privacy issues', 'check sensitive data', or 'validate data protection'.
windsurf-data-handling
Control what code and data Windsurf AI can access and process in your workspace. Use when handling sensitive data, implementing data exclusion patterns, or ensuring compliance with privacy regulations in Windsurf environments. Trigger with phrases like "windsurf data privacy", "windsurf PII", "windsurf GDPR", "windsurf compliance", "codeium data", "windsurf telemetry".
webflow-data-handling
Implement Webflow data handling — CMS content delivery patterns, PII redaction in form submissions, GDPR/CCPA compliance for ecommerce data, and data retention policies. Trigger with phrases like "webflow data", "webflow PII", "webflow GDPR", "webflow data retention", "webflow privacy", "webflow CCPA", "webflow forms data".
vercel-data-handling
Implement data handling, PII protection, and GDPR/CCPA compliance for Vercel deployments. Use when handling sensitive data in serverless functions, implementing data redaction, or ensuring privacy compliance on Vercel. Trigger with phrases like "vercel data", "vercel PII", "vercel GDPR", "vercel data retention", "vercel privacy", "vercel compliance".
veeva-data-handling
Veeva Vault data handling for enterprise operations. Use when implementing advanced Veeva Vault patterns. Trigger: "veeva data handling".
vastai-data-handling
Manage training data and model artifacts securely on Vast.ai GPU instances. Use when transferring data to instances, managing checkpoints, or implementing secure data lifecycle on rented hardware. Trigger with phrases like "vastai data", "vastai upload data", "vastai checkpoints", "vastai data security", "vastai artifacts".
twinmind-data-handling
Handle TwinMind meeting data with GDPR compliance: transcript storage, memory vault management, data export, and deletion policies. Use when implementing data handling, or managing TwinMind meeting AI operations. Trigger with phrases like "twinmind data handling", "twinmind data handling".
supabase-data-handling
Implement GDPR/CCPA compliance with Supabase: RLS for data isolation, user deletion via auth.admin.deleteUser(), data export via SQL, PII column management, backup/restore workflows, and retention policies. Use when handling sensitive data, implementing right-to-deletion, configuring data retention, or auditing PII in Supabase database columns. Trigger: "supabase GDPR", "supabase data handling", "supabase PII", "supabase compliance", "supabase data retention", "supabase delete user", "supabase data export".
speak-data-handling
Handle student audio data, assessment records, and learning progress with GDPR/COPPA compliance. Use when implementing data handling, or managing Speak language learning platform operations. Trigger with phrases like "speak data handling", "speak data handling".