What to Know about Salesforce China Data Residency
ITC author
ITC
ITC

Navigating China's strict data regulations is crucial for brands seeking to deliver personalized customer experiences. The key lies in understanding and adopting an effective data residency approach, ensuring that sensitive information remains secure within China's borders.

In this article, we’ll simplify the complexities of China data regulations and explore how to leverage best local data for global success with Salesforce China data residency solutions.

China Data Regulations and Its Effects

China is a place with immense market size and opportunities. However, brands must learn how to navigate its unique digital ecosystem that differs vastly from the rest of the world. A crucial aspect of this is understanding China's comprehensive data protection regulations.

China Data Residency Regulations - Personal Information Protection Law (PIPL)

China’s Personal Information Protection Law (PIPL), enacted in 2021, is a key component of China's data governance framework. It establishes rules around collection, use, and processing of personal information by all organizations working with China data, inside or outside of the country.

The goal of PIPL is to maintain the protection of personal and sensitive personal data obtained within China. It ensures that they are handled in a secure and compliant manner within China's borders.

Under this law, companies and organizations that collect and use personal information must adhere to specific guidelines regarding data storage and processing locations and methods.

This makes data collection, utilization, and especially cross-border data transfer quite challenging for international and B2B businesses operating in China with global headquarters.

The Challenges of China Cross-Border Data Transfer

All cross-border data transfers in China are mainly regulated by PIPL. Brands are generally permitted to export data outside of the Chinese border through one of the following 3 legal pathways:

  1. Passing the National Cyberspace Department's Security Assessment
  2. Obtaining the Personal Information Protection Certification from a relevant institution
  3. Signing a Standard Contract stipulating rights and obligations with the overseas recipient

PIPL applies to all businesses that handle data originating from China, regardless of their location, making compliance a necessity.

Global brands often transfer data from China to their headquarters abroad. Thus, they must carefully navigate these cross-border data transfers to ensure they meet PIPL regulations.

Qualification for Transferring Data Across China's Border By Signing Contracts with Oversea Recipients

The convoluted process of gaining legal permission for cross-border data transfers has caused a severe strain on international companies. January 2024 saw a paltry 25% data export approval rate, leaving thousands of pending requests. This backlog has severely hampered companies' expansion plans, as they cannot freely transfer data across borders without time-consuming procedures.

Fortunately, early 2024 saw an update on China’s cross-border data transfer regulations that introduced exemptions to undergo security assessments for certain data exports. This has eased cross-border data transfer challenges by alleviating compliance burdens to an extent.

Nonetheless, Chinese database localization remains crucial to ensure PIPL compliance and minimize all risks associated with data sovereignty.

The Importance of China Data Localization

As mentioned above, a company must store 100% of the collected personal data within Mainland China. This involves establishing infrastructure in China and a centralized Customer Relationship Management (CRM) system.

The data can be processed and anonymized within China before getting transferred abroad to global headquarters or other vendors. In fact, this is currently the best solution for data residency.

On top of ensuring data compliance, local databases can enhance data access speed and reliability for team members in China. This is particularly important for applications that demand real-time data processing or low latency, as it ensures a smooth user experience.

Best Approach to China Data Residency

The key is to keep all collected data within the borders of China while sending duplicate versions of data without the legally sensitive information overseas. This ensures compliant with data sovereignty requirements.

The main gist is:

  1. Store and process data within China to eliminate all compliance risks involved in cross-border data transfer
  1. Duplicate the collected data, then redact, censor, or remove all personal and sensitive information (including name, address, phone number, etc.) which are mostly unneeded by global teams
  1. Send this anonymized version of the data to locations outside of China, such as global CRM, cloud storage, and global data processing vendors...

With the depersonalization of data, brands can process information locally before consolidating it in the global database. This effortlessly creates a win-win scenario where companies can empower building local and global customer profiles and holistic data analysis for future targeting strategies, while fully adhering to China's data regulations.

Salesforce China Data Residency Solution

Salesforce China Data Residency Approach

Salesforce China has recently landed in the country, in collaboration with Alibaba Cloud (Aliyun). The localized version of the CRM powerhouse is emerging as the go-to integrated CRM solution for businesses operating in China to connect all channels and company departments, providing a comprehensive customer data view.

Salesforce CRM can empower data residency for businesses operating in China by operating 2 distinct Salesforce instances:

  • The Salesforce global CRM instance runs on Salesforce's worldwide data centers, providing brand headquarters with a comprehensive view of depersonalized local consumer data, including from China.
  • The Salesforce China CRM instance, hosted on Aliyun, efficiently consolidates, stores, and processes data captured within China. It offers flexible options to customize and redact personal information, which is marked as "REDACTED," while non-regulated information remains in clear text. This ensures that sensitive user data does not leave China's borders.

This dual-data storage system of Salesforce CRM upholds compliance seamlessly without compromising user experience.

Users in China can benefit from robust features and better data utilization, while overseas headquarters maintains a global-360 view of depersonalized local consumer data, making an optimal Salesforce China data residency solution.

How IT Consultis (ITC) Can Help

Awarded as the Gold Winner of Greater China Specialist Agency of the Year 2023 for Clienteling and CRM, ITC is partnering up with Salesforce China to help businesses construct a tailored, all-encompassing CRM foundation for China.

We are thrilled to assist you in onboarding Salesforce CRM to seamlessly integrate with both your global CRM and local business systems. This effective streamlining of data flow can accelerate your sales, engagement, and loyalty, while ensuring compliance with China data regulations.

Ready to Incorporate Salesforce China CRM into Your Digital Strategy?

FAQs

What is Data Residency and Data Sovereignty?
Does Salesforce Have a Data Center in China?
Does Salesforce Use Aliyun?