As of September 12, 2025, EU customers have new legal rights to access, move, or delete their data held by Salesforce, under European law.
This analysis describes what Salesforce's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
This provision signals that EU/EEA Salesforce customers have expanded data rights that Salesforce has acknowledged, and that the underlying customer agreements may have been updated to reflect these obligations.
Interpretive note: The page references the EU Data Act and describes customer rights at a high level but does not reproduce the operative contractual terms; the specific mechanisms and scope of rights would depend on the linked customer agreements and data processing addenda.
EU customers using Salesforce products may now have enforceable rights to request access to, transfer, or deletion of their data under the EU Data Act, which went into effect in September 2025. The practical mechanism for exercising these rights would be found in Salesforce's customer agreement and data processing terms.
How other platforms handle this
If you are located in the European Economic Area, Switzerland, or the United Kingdom, you have the right to access, correct, or erase your personal data; the right to restrict or object to our processing of your personal data; the right to data portability; and, where our processing is based on your...
At Ledger, earning and maintaining our users' trust is a top priority. That's why we are deeply committed not only to protecting your privacy and securing your personal data, but also to being fully transparent about how we handle it.
We use information to enhance the quality, reliability, and/or accuracy of our AI Features by creating, developing, training, testing, improving, and maintaining AI and ML models run by Strava or our service providers. We use aggregated, de-identified data for this purpose. We also use personal info...
Monitoring
Salesforce has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"On September 12, 2025, the EU Data Act went into effect, giving customers more control over their data. This includes the right to access, transfer, or delete their data, providing greater flexibility and interoperability.— Excerpt from Salesforce's Salesforce Terms of Service
(1) REGULATORY LANDSCAPE: This reference directly engages the EU Data Act (Regulation (EU) 2023/2854), which imposes data portability and access obligations on data holders providing connected products or related services in the EU/EEA. Enforcement is distributed across EU member state authorities. The provision also intersects with GDPR data subject rights, and compliance teams should assess whether the EU Data Act creates obligations supplementary to or distinct from existing GDPR Article 20 portability rights. (2) GOVERNANCE EXPOSURE: Medium. The page acknowledges the EU Data Act's applicability to Salesforce customers but does not provide the operative contractual terms implementing these rights. Organizations relying on Salesforce as a data holder must verify that their data processing agreements and customer contracts have been updated to reflect the new portability and interoperability requirements introduced by the EU Data Act. (3) JURISDICTION FLAGS: This provision applies specifically to EU/EEA customers and organizations processing data subject to EU law. Non-EU customers are not directly affected by the EU Data Act, though analogous rights may exist under CCPA for California residents or other applicable data protection frameworks. (4) CONTRACT AND VENDOR IMPLICATIONS: Procurement teams with Salesforce as a vendor should confirm that existing data processing addenda and customer agreements address EU Data Act compliance, including technical interoperability requirements and data portability request handling procedures. This may require contract amendments if existing agreements predate September 2025. (5) COMPLIANCE CONSIDERATIONS: Compliance teams should map EU customer data flows processed through Salesforce, assess whether current data access and portability procedures satisfy the EU Data Act's requirements, and review Salesforce's published EU Data Act guidance at the linked URL. Organizations should also evaluate whether Salesforce's role as data holder versus data processor under the EU Data Act requires specific contractual treatment beyond existing GDPR data processing agreements.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Ad personalization controls removed. Contact scanning added. Advertiser data partnerships quietly dropped. A timeline of every change.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
This provision signals that EU/EEA Salesforce customers have expanded data rights that Salesforce has acknowledged, and that the underlying customer agreements may have been updated to reflect these obligations.
EU customers using Salesforce products may now have enforceable rights to request access to, transfer, or deletion of their data under the EU Data Act, which went into effect in September 2025. The practical mechanism for exercising these rights would be found in Salesforce's customer agreement and data processing terms.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Salesforce.