What is the most important tip for working with Privacy Center?

Privacy Center pays for itself on the second subject request. The first one teaches the team how much custom Apex they would otherwise write; the second is when the licensed cost looks reasonable next to the engineering hours saved.

AdministrationIntermediate

Privacy Center

Q: What is the primary benefit of Privacy Center for Salesforce administrators?

Privacy Center is an administration feature that empowers admins to manage the Salesforce environment through declarative, point-and-click configuration.

Q: In which area of Salesforce would you typically find Privacy Center?

Privacy Center is an administrative feature found in Salesforce Setup - the central hub where admins configure and manage the org.

Q: Can a Salesforce admin configure Privacy Center without writing code?

Privacy Center is a declarative admin feature, meaning it can be configured through Salesforce's point-and-click interface without writing any code.

Privacy Center is the Salesforce administration product that lets companies manage personal data inside their Salesforce org against privacy regulations like GDPR, CCPA, and LGPD.

Hear it

§ 01

Definition

Privacy Center is the Salesforce administration product that lets companies manage personal data inside their Salesforce org against privacy regulations like GDPR, CCPA, and LGPD. It packages five operational capabilities (Right to Be Forgotten, Right of Access, retention policies, consent tracking, and policy audit) into a single Setup app so the data privacy team can act on a data subject request without writing custom code.

Privacy Center is licensed as a paid add-on (not bundled with base Sales or Service licenses) and runs on top of the core Salesforce data model. It does not change where data lives; it gives the privacy team a workflow to find, delete, anonymize, export, or hold that data, plus an audit trail for the regulator. Most enterprise customers buy it after their first formal data subject request reveals how much custom Apex they would otherwise need to write to fulfill one.

§ 02

The five operational capabilities Privacy Center bundles into one Setup app

Right to Be Forgotten executor

The most-used capability is Right to Be Forgotten. The privacy team selects a subject (a Contact, a Lead, an external User), picks an erase policy template, and runs it. Privacy Center then walks the data model, anonymizing or deleting personal fields across the chosen objects according to the policy. It supports two modes: full delete (hard removes the row) and anonymize (replaces names and emails with random or hashed values while keeping the audit history). The output is a closure report listing every record touched, which the privacy officer can store for the regulator.

Right of Access export

Right of Access (a GDPR Article 15 obligation) is the right of a data subject to receive a copy of all personal data the company holds about them. Privacy Center runs a configurable query across every standard and custom object, packages the matching rows into a structured export (typically JSON or CSV), and produces a signed downloadable bundle the subject can receive. The query template is editable so the privacy team can include or exclude objects, decide whether attachments are bundled, and redact internal-only annotations.

Retention policies

Privacy Center supports declarative retention policies on a per-object basis: keep Closed Cases for 3 years, archive after 1 year of inactivity, delete after the retention window. The policies run as scheduled jobs and produce an audit log of every record acted on. Multiple policies can co-exist with different retention windows for different record types, and a single record can be marked Hold to override the policy when litigation or audit requires the data be preserved.

Consent and preference tracking

Privacy Center integrates with the standard Individual object (the Salesforce data subject record) to store consent and communication preferences. Every consent grant or revocation is timestamped and attributed to a source (web form, support call, email opt-out). Marketing Cloud and Pardot can read these values through the standard sharing rules to suppress sends, and the privacy team can audit the consent state of any subject at any point in time.

Audit trail

Every Privacy Center action writes to a Setup Audit Trail entry. The entry records who ran the action, against which subject, with which policy, on which date, and the count of records affected. Regulators routinely ask to see this audit trail as evidence the privacy program is operating. The audit log is queryable through the standard Setup Audit Trail UI and via API, so a privacy team can build a custom dashboard showing the volume of subject requests fulfilled per quarter.

Erase policy templates

The product ships with starter erase policies for the most common subject types (Lead, Contact, User, Person Account, Individual). The privacy team customizes each template by selecting the fields to anonymize, the related objects to follow, and the retention rule. Custom objects are added by clicking through the data model picker; Apex code is not required. The policy is saved and reusable across every subject request that follows the same shape, which is what makes the product faster than writing custom Apex per request.

Limitations and what Privacy Center does not do

Privacy Center operates on standard and custom Salesforce data. It does not reach into Marketing Cloud send logs, Mulesoft message queues, archived data in Big Objects, or any third-party system the privacy team needs to integrate separately. It does not handle pseudonymization across data warehouses; that is a downstream pipeline problem. And it does not enforce data minimization at write time; for that the team needs Field Audit Trail plus Shield Platform Encryption. The product is a workflow shell, not a complete privacy stack.

§ 03

Run a Right to Be Forgotten request in Privacy Center

Use Privacy Center to anonymize or delete every personal data point Salesforce holds about a single subject, then produce a closure report for the privacy officer.

Open Privacy Center
Setup, Privacy Center. The home tab shows open subject requests, recent runs, and policy health.
Look up the subject
Search by email, full name, or Salesforce ID. The result shows every matching record across Lead, Contact, Person Account, User, and the Individual object.
Select the erase policy
Pick the policy that matches the subject type (for example, Contact-FullErase). Review the field list and related objects the policy will touch. Adjust if this request needs an exception.
Run the policy
Click Run. Privacy Center queues a background job. For most subjects the job completes in seconds; large subjects with many cases, opportunities, and emails take a few minutes.
Review the closure report
The report lists every record acted on, the action taken (anonymize or delete), and any record that was skipped (held under retention, locked by litigation hold). Save the report PDF for your privacy file.
Confirm to the subject
Send the subject the standard confirmation email referencing the request ID. The audit trail entry preserves the evidence the team acted within the regulatory deadline.

Key options

Erase Policyremember

Reusable template that defines which fields to anonymize, which objects to follow, and what closure report to produce.

Retention Policyremember

Scheduled job that ages out records on a per-object basis. Supports archive, delete, and hold flags.

Right of Access Exportremember

Packaged data download with all personal data on a subject. Configurable to include or exclude attachments.

Hold Flagremember

Per-record marker that exempts a record from automated retention and erasure runs. Used for litigation or active investigations.

Gotchas

Privacy Center only acts on data in the Salesforce org. Marketing Cloud send logs, archived Big Object data, and third-party systems need their own privacy workflow.
Anonymization rewrites records in place. Reports and dashboards that filtered on the original email or name silently change after the run; refresh them and re-test.
The audit trail captures who ran each action. Privacy admins should use named user accounts (not a shared service user) so the trail attributes the action to a real person.
Erase policies that follow related objects can fan out across the data model unexpectedly. Test new policies in a sandbox first, with a representative subject, to confirm the scope is what you intended.

Trust & references

Sources

Cross-checked against the following references.

Official documentation

Straight from the source - Salesforce's reference material on Privacy Center.

Privacy Center Help DocumentationSalesforce Help
Individual ObjectSalesforce Help
Field Audit TrailSalesforce Help

Keep learning

Hands-on resources to go deeper on Privacy Center.

Was this entry helpful?

Help us write better definitions. Quick reactions or detailed edit suggestions.

About the Author

Dipojjal Chakrabarti is a B2C Solution Architect with 29 Salesforce certifications and over 13 years in the Salesforce ecosystem. He runs salesforcedictionary.com to help admins, developers, architects, and cert/interview candidates sharpen their fundamentals. More about Dipojjal.

Test your knowledge

Q1. What is the primary benefit of Privacy Center for Salesforce administrators?

Q2. In which area of Salesforce would you typically find Privacy Center?

Q3. Can a Salesforce admin configure Privacy Center without writing code?

Discussion

Loading…

Loading discussion…

Back to Dictionary