Deep-dive on the Next Gen Platform. Join the Webinar!

Skip Navigation
Show nav
Dev Center
  • Get Started
  • Documentation
  • Changelog
  • Search
  • Get Started
    • Node.js
    • Ruby on Rails
    • Ruby
    • Python
    • Java
    • PHP
    • Go
    • Scala
    • Clojure
    • .NET
  • Documentation
  • Changelog
  • More
    Additional Resources
    • Home
    • Elements
    • Products
    • Pricing
    • Careers
    • Help
    • Status
    • Events
    • Podcasts
    • Compliance Center
    Heroku Blog

    Heroku Blog

    Find out what's new with Heroku on our blog.

    Visit Blog
  • Log inorSign up
Hide categories

Categories

  • Heroku Architecture
    • Compute (Dynos)
      • Dyno Management
      • Dyno Concepts
      • Dyno Behavior
      • Dyno Reference
      • Dyno Troubleshooting
    • Stacks (operating system images)
    • Networking & DNS
    • Platform Policies
    • Platform Principles
  • Developer Tools
    • Command Line
    • Heroku VS Code Extension
  • Deployment
    • Deploying with Git
    • Deploying with Docker
    • Deployment Integrations
  • Continuous Delivery & Integration (Heroku Flow)
    • Continuous Integration
  • Language Support
    • Node.js
      • Working with Node.js
      • Node.js Behavior in Heroku
      • Troubleshooting Node.js Apps
    • Ruby
      • Rails Support
      • Working with Bundler
      • Working with Ruby
      • Ruby Behavior in Heroku
      • Troubleshooting Ruby Apps
    • Python
      • Working with Python
      • Background Jobs in Python
      • Python Behavior in Heroku
      • Working with Django
    • Java
      • Java Behavior in Heroku
      • Working with Java
      • Working with Maven
      • Working with Spring Boot
      • Troubleshooting Java Apps
    • PHP
      • PHP Behavior in Heroku
      • Working with PHP
    • Go
      • Go Dependency Management
    • Scala
    • Clojure
    • .NET
      • Working with .NET
  • Databases & Data Management
    • Heroku Postgres
      • Postgres Basics
      • Postgres Getting Started
      • Postgres Performance
      • Postgres Data Transfer & Preservation
      • Postgres Availability
      • Postgres Special Topics
      • Migrating to Heroku Postgres
    • Heroku Key-Value Store
    • Apache Kafka on Heroku
    • Other Data Stores
  • AI
    • Working with AI
  • Monitoring & Metrics
    • Logging
  • App Performance
  • Add-ons
    • All Add-ons
  • Collaboration
  • Security
    • App Security
    • Identities & Authentication
      • Single Sign-on (SSO)
    • Private Spaces
      • Infrastructure Networking
    • Compliance
  • Heroku Enterprise
    • Enterprise Accounts
    • Enterprise Teams
    • Heroku Connect (Salesforce sync)
      • Heroku Connect Administration
      • Heroku Connect Reference
      • Heroku Connect Troubleshooting
  • Patterns & Best Practices
  • Extending Heroku
    • Platform API
    • App Webhooks
    • Heroku Labs
    • Building Add-ons
      • Add-on Development Tasks
      • Add-on APIs
      • Add-on Guidelines & Requirements
    • Building CLI Plugins
    • Developing Buildpacks
    • Dev Center
  • Accounts & Billing
  • Troubleshooting & Support
  • Integrating with Salesforce
  • Security
  • Compliance
  • Heroku and GDPR

Heroku and GDPR

English — 日本語に切り替える

Last updated May 30, 2024

Table of Contents

  • Our GDPR commitment
  • Does the GDPR affect my organization?
  • Preparing our customers for the GDPR
  • More resources
  • More information

At Salesforce, trust is our #1 value and the protection of our customers’ data is paramount. We know that many organizations have questions about GDPR and the new obligations under GDPR. We have created this document to help you on your compliance journey.

The EU General Data Protection Regulation (GDPR) is a comprehensive European privacy law that takes effect on May 25, 2018. Salesforce welcomes this law as an important step forward in streamlining data protection requirements across the European Union and as an opportunity for Salesforce to deepen our commitment to data protection.

Our GDPR commitment

We are committed to our customers’ success, including compliance with the GDPR.

Similar to existing privacy laws, compliance with the GDPR requires a partnership between Salesforce and our customers in their use of our services. Salesforce will comply with the GDPR in the delivery of our service to our customers. We are also dedicated to helping our customers comply with the GDPR. We have closely analyzed the requirements of the GDPR, and are working to make enhancements to our products, contracts, and documentation to support compliance with the GDPR.

Does the GDPR affect my organization?

If you are processing personal data in the context of an organization established in the EU, the GDPR will apply to you, regardless of whether you are processing personal data in the EU or not. “Processing” means any operation performed on personal data such as collection, storage, transfer, dissemination, or erasure.

If you are not established in the EU, the GDPR applies to you if you are offering goods or services (whether paid or free) to EU data subjects or monitoring the behavior of EU data subjects within the EU. Monitoring can be anything from putting cookies on a website to track browsing behavior of data subjects to high tech surveillance activities.

Under European data protection law, organizations processing personal data are divided into “Controllers,” or the entities that control the personal data, and “Processors,” the entities that process personal data only on the instructions of the Controllers. The GDPR applies to both Controllers and Processors.

Preparing our customers for the GDPR

Here are several resources to help our customers prepare for the GDPR. Several considerations are listed within each of these topics.

Resource Description
Data Deletion for Heroku Sometimes it’s necessary to delete a customer’s personal data to comply with various data protection and privacy regulations. We give you examples of common requests and things to consider, so you can comply with the regulations that apply to you.
Consent Management for Heroku Track your customers’ approval for how your company interacts with them. To help you assess your compliance with various data protection and privacy regulations, we give you examples of common customer requests. And we provide details to help you determine the best way to comply with the regulations that apply to your company.
Restrict Data Processing for Heroku Some situations require you to prevent the processing of your customers’ data. We give you actions to consider so that you can work toward complying with the laws that are important to your company.
Data Portability for Heroku Your customers can request a copy of the data we received from them. To work toward complying with various data protection and privacy regulations, export the data and pack it up. We’ve given you examples of common customer requests and things to consider. That way, you can determine how best to work toward complying with the regulations that apply to your company.

More resources

We look forward to working with our customers’ GDPR compliance efforts. For more information, we encourage our customers to visit our GDPR Resource Website and take the EU Privacy Law Basics Module on Trailhead.

The Heroku Security Website explains the security processes we have in place to protect our customers and the Heroku Security, Privacy, and Compliance Website shows our customers how they can configure and implement additional security options.

To see our GDPR, Salesforce Processor Binding Corporate Rules, and Standard Contractual Clauses visit our Data Processing Addendum Website. To learn about Heroku’s architecture, features, restrictions, notices, infrastructure environment, sub-processors, etc., visit the Heroku Trust and Compliance Website.

More information

Salesforce Heroku customers are encouraged to contact Heroku Support if they have additional questions about how to best implement security measures and how to govern application deployment on Heroku.

Keep reading

  • Compliance

Feedback

Log in to submit feedback.

Heroku Security, Privacy, and Compliance Heroku Security, Privacy, and Compliance

Information & Support

  • Getting Started
  • Documentation
  • Changelog
  • Compliance Center
  • Training & Education
  • Blog
  • Support Channels
  • Status

Language Reference

  • Node.js
  • Ruby
  • Java
  • PHP
  • Python
  • Go
  • Scala
  • Clojure
  • .NET

Other Resources

  • Careers
  • Elements
  • Products
  • Pricing
  • RSS
    • Dev Center Articles
    • Dev Center Changelog
    • Heroku Blog
    • Heroku News Blog
    • Heroku Engineering Blog
  • Twitter
    • Dev Center Articles
    • Dev Center Changelog
    • Heroku
    • Heroku Status
  • Github
  • LinkedIn
  • © 2025 Salesforce, Inc. All rights reserved. Various trademarks held by their respective owners. Salesforce Tower, 415 Mission Street, 3rd Floor, San Francisco, CA 94105, United States
  • heroku.com
  • Legal
  • Terms of Service
  • Privacy Information
  • Responsible Disclosure
  • Trust
  • Contact
  • Cookie Preferences
  • Your Privacy Choices