Salesforce · Salesforce Terms of Service

EU Data Act Compliance Notice

High severity
Share 𝕏 Share in Share 🔒 PDF

What it is

Salesforce publicly acknowledges that the EU Data Act took effect on September 12, 2025, and that it gives EU customers new rights to access, transfer, or delete their data held by Salesforce.

Consumer impact (what this means for users)

EU Salesforce customers gained enforceable rights on September 12, 2025 to access, transfer, and delete their data under the EU Data Act — rights that go beyond prior GDPR portability provisions and apply specifically to data generated through use of Salesforce's connected products and services.

What you can do

⚠️ These actions may provide transparency or partial mitigation but may not fully address the underlying issue. Effectiveness varies by jurisdiction and individual circumstances.
  • Export Your Data
    Review Salesforce's EU Data Act guidance to understand your specific rights to access, transfer, or delete your data, then contact your Salesforce account representative to exercise those rights.

Cross-platform context

See how other platforms handle EU Data Act Compliance Notice and similar clauses.

Compare across platforms →
Need full compliance memos? See Professional →

Why it matters (compliance & risk perspective)

This is a direct acknowledgment by Salesforce of binding EU regulatory obligations — EU customers now have enforceable rights to data portability and deletion under the EU Data Act that Salesforce must honor.

View original clause language
On September 12, 2025, the EU Data Act went into effect, giving customers more control over their data. This includes the right to access, transfer, or delete their data, providing greater flexibility and interoperability.

Institutional analysis (Compliance & legal intelligence)

(1) REGULATORY FRAMEWORK: The EU Data Act (Regulation 2023/2854) is enforced by EU Member State competent authorities designated under Article 37. It creates obligations for data holders (including cloud service providers like Salesforce) to make data accessible and portable upon user request, with interoperability requirements. It intersects with GDPR Article 20 (data portability) but extends beyond personal data to include non-personal IoT and cloud-generated data. Cloud switching obligations under Chapter VI of the Data Act are also applicable to Salesforce as a cloud service provider. (2)

🔒

Compliance intelligence locked

Regulatory citations, enforcement risk, and due diligence action items.

Watcher $9.99/mo Professional $149/mo

Watcher: regulatory citations. Professional: full compliance memo.

Applicable agencies

  • State AG
    EU Member State competent authorities designated under EU Data Act Article 37 are the primary enforcers; for EU users, the equivalent of State_AG in their Member State would handle complaints.
    File a complaint →

Provision details

Document information
Document
Salesforce Terms of Service
Entity
Salesforce
Document last updated
April 29, 2026
Tracking information
First tracked
April 27, 2026
Last verified
April 27, 2026
Record ID
CA-P-003544
Document ID
CA-D-00201
Evidence Provenance
Source URL
https://www.salesforce.com/company/legal/agreements/
Wayback Machine
View archived versions →
SHA-256
7c8740f523ee42b213fc88edccb5d46185174237c1a8ca31a8fe1a6da45c4db1
Verified
✓ Snapshot stored   ✓ Change verified
How to Cite
ConductAtlas Policy Archive
Entity: Salesforce | Document: Salesforce Terms of Service | Record: CA-P-003544
Captured: 2026-04-27 14:22:34 UTC | SHA-256: 7c8740f523ee42b2…
URL: https://conductatlas.com/platform/salesforce/salesforce-terms-of-service/eu-data-act-compliance-notice/
Accessed: May 2, 2026
Classification
Severity
High
Categories
Unknown

Other provisions in this document