Definition
Data Classification Download is a Setup feature that exports the data classification metadata for all fields in the org to a CSV file. This includes sensitivity levels, compliance categories, and data owner information assigned to each field, providing a comprehensive inventory for data governance and privacy audits.
Real-World Example
The data privacy officer at FinServe Bank downloads the Data Classification report to prepare for their annual GDPR audit. The CSV shows that 45 fields across 12 objects are classified as "Confidential" containing personal data, 200 fields are "Internal," and 15 fields need classification. She uses this report to verify that all PII fields have appropriate security controls.
Why Data Classification Download Matters
Data Classification Download is a Setup feature that exports the complete data classification metadata for all fields in a Salesforce org to a CSV file. This export includes the sensitivity level (Public, Internal, Confidential, Restricted), compliance category (GDPR, HIPAA, PCI, CCPA), field-level description, and data owner assignment for every standard and custom field across all objects. The CSV provides a comprehensive inventory that privacy officers and compliance teams use for audits, risk assessments, and regulatory reporting. It is the primary mechanism for extracting data governance metadata out of Salesforce for offline analysis.
For organizations subject to data protection regulations, Data Classification Download is an essential compliance tool. GDPR requires organizations to maintain a Record of Processing Activities (ROPA), and the classification download provides the field-level detail needed to document what personal data is stored, where it lives, and how it is categorized. During audits, privacy officers use this export to verify that all fields containing personally identifiable information (PII) have appropriate sensitivity levels and security controls in place. Without regular classification downloads, organizations risk having unclassified fields containing sensitive data — a gap that auditors flag as a compliance failure. Scheduling quarterly downloads and comparing them to previous versions also reveals newly created fields that may need classification.
How Organizations Use Data Classification Download
- FinServe Bank — FinServe Bank's data privacy officer downloads the Data Classification report quarterly to prepare for GDPR audits. The CSV reveals that 45 fields across 12 objects are classified as "Confidential" containing personal data, 200 fields are "Internal," and 15 fields need classification. She cross-references the Confidential fields against encryption and field-level security settings to verify all PII has appropriate protection.
- Apex Pharmaceuticals — Apex Pharmaceuticals uses the Data Classification Download to demonstrate HIPAA compliance during their annual IT audit. The CSV shows that all fields containing Protected Health Information (PHI) are classified as "Restricted" with HIPAA tagged as the compliance category. The audit team compares this against access logs to confirm that only authorized profiles can view these fields.
- GlobalTrade Logistics — GlobalTrade Logistics downloads the classification CSV after every major release to identify newly created custom fields that haven't been classified. Their governance process requires the release manager to compare the new download against the previous quarter's file, flag unclassified fields, and assign them to the appropriate data owners for classification before the next compliance review.