Architecting for Compliance and Data Residency

Salesforce Architects

Legal adherence entails following the mandates set out by regional laws and industry regulations… Your responsibility as an architect is to familiarize yourself with these requirements and proactively flag any potential compliance issues as early as possible to reduce the risk of fines and lawsuits. — Well-Architected — Compliant

Several countries have passed strict data privacy and residency laws in recent years and more appear to be on the way. The specifics of these laws vary from country to country and while they can present some challenges for organizations that operate locally, they add an additional layer of complexity for global organizations that serve customers in more than one region. Regulations can vary from one location to another and the type of information that’s considered to be public in one country may be subject to privacy laws somewhere else. These nuances can have impacts on your organization’s org strategy, as well as your integration and reporting strategies.

Consider the following scenario:

German Trail Outfitters (GTO) is a retailer that sells outdoor gear and related products to customers in Germany. They’re planning to expand to other regions, and they’ve recently acquired a sunscreen manufacturer called Seoul Sun (SES) that’s based in South Korea. Both of these companies use Service Cloud to track support cases related to any issues customers might have with their products, and they both use standard Salesforce reports to allow members of their senior leadership team to view case data.

As the combined organization’s architects start to think about synergies between the systems in their landscape, merging the two Salesforce orgs together might seem like a no-brainer at first glance. But if we look a little bit deeper, we might learn that Seoul Sun company policy considers individual customer reports of rashes or other types of skin conditions from their products to be medical issues instead of simple product support issues. Medical cases are subject to additional privacy regulations and any related data can only be stored on servers that physically reside within South Korea. At the same time, the EU and Germany have their own set of privacy laws that the organization will need to adhere to as well.

So the architects decide that due to the data residency requirements for sensitive data, a single-org strategy likely won’t be possible in this scenario. Instead, they opt for a multi-org strategy where they maintain the two separate orgs on Hyperforce. This is a good start, but what the strategy won’t solve for is the company’s leadership wanting to be able to view case information from both regions in a single report.

Diagram: GTO Multi-Org Scenario

Since GTO plans to expand to other regions, any integration pattern involving point-to-point connections between the two orgs is not an option because it will never scale. So GTO’s architects decide to go with an Event-Driven Architecture approach instead. This allows them to utilize an event bus for asynchronous communications and add additional publishers and subscribers from new regions as the company continues to expand. And since each region’s data requires a unique set of transformations to remove any sensitive data, GTO’s architects specifically opted to utilize the Passed Messages pattern, which you can read more about in the Architect’s Guide to Event-Driven Architecture.

Notice that one of the subscribers in GTO’s architecture is a data warehouse that’s connected to a reporting tool. The transformed records from each region with all sensitive data removed are sent to the data warehouse and made available for reports that members of the organization’s senior leadership team can view. These reports are sufficient for senior leadership members, who are primarily interested in aggregate data and don’t need to see individual case details. Local users in both regions who do need to see more detailed data still access the information from standard reports that are available in the individual orgs that they have access to.

GTO Passed Messages Pattern Diagram
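
The per-region transformation step described above can be sketched as a fail-closed allowlist that runs before a case event is published toward the data warehouse. This is an added example, not code from Salesforce or from the original article. The field names, region codes, policy table and sample events are all constructed assumptions, and which fields actually count as sensitive is a legal decision for each region.

```python
from collections import Counter

# Hypothetical export policy per region (field names are constructed for this example).
# Allowlist: any field not named here is dropped, so newly added fields fail closed.
REGION_POLICY = {
    "DE": {"allowed": {"case_id", "status", "product_line", "category", "opened_month"}},
    "KR": {"allowed": {"status", "product_line", "category", "opened_month"},
           # Values the KR entity treats as medical are generalized before export.
           "generalize": {"category": {"rash", "skin_condition"}}},
}

def transform_for_warehouse(event):
    """Return the reduced copy of a case event that may be published cross-region."""
    region = event.get("region")
    policy = REGION_POLICY.get(region)
    if policy is None:
        # Unknown publisher region: refuse instead of forwarding raw data.
        raise ValueError(f"no export policy for region {region!r}")
    out = {k: v for k, v in event["payload"].items() if k in policy["allowed"]}
    for field, sensitive_values in policy.get("generalize", {}).items():
        if out.get(field) in sensitive_values:
            out[field] = "restricted"
    out["region"] = region
    return out

def summarize(events):
    """Aggregate view for the warehouse subscriber: case counts by region and category."""
    counts = Counter()
    for event in events:
        record = transform_for_warehouse(event)
        counts[(record["region"], record.get("category", "unknown"))] += 1
    return dict(counts)

SAMPLE_EVENTS = [  # constructed sample data, not real cases
    {"region": "DE", "payload": {
        "case_id": "DE-1001", "status": "open", "product_line": "tents",
        "category": "defect", "opened_month": "2024-03",
        "customer_email": "a@example.com", "description": "zip broke"}},
    {"region": "KR", "payload": {
        "case_id": "KR-2001", "status": "open", "product_line": "sunscreen",
        "category": "rash", "opened_month": "2024-03",
        "customer_name": "Example Person", "description": "skin reaction"}},
]

if __name__ == "__main__":
    for sample in SAMPLE_EVENTS:
        print(transform_for_warehouse(sample))
    print(summarize(SAMPLE_EVENTS))
```

Because the policy is an allowlist, a field added to a regional org later never reaches the warehouse until someone reviews it and adds it to that region's policy.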

Overall, this approach will allow GTO to scale its organization while also complying with local regulations. As we mentioned earlier, this is a fictional scenario, but its use case is one that global organizations frequently need to solve for. Keep in mind that every situation is different and your organization’s individual needs will be subject to the local laws in the regions where it operates, the type of data it collects and your own internal policies. For more information, make sure to read the guidance and patterns outlined in Salesforce Well-Architected — Compliant.

About the Authors:

Tom Leddy

Tom Leddy is an Architect Evangelist at Salesforce.

Matthew Parin

Matthew Parin is a Product Director, Hyperforce at Salesforce.
