As of September 12, 2025, EU customers have new legal rights to access, move, or delete their data held by Salesforce, under European law.
This analysis describes what Salesforce's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
The provision establishes that Salesforce's terms incorporate obligations arising from EU Data Act compliance, creating formal mechanisms for data subject requests. This creates specific procedural requirements for how Salesforce processes customer requests for data access, portability, and deletion.
Interpretive note: The page references the EU Data Act and describes customer rights at a high level but does not reproduce the operative contractual terms; the specific mechanisms and scope of rights would depend on the linked customer agreements and data processing addenda.
EU customers using Salesforce products may now have enforceable rights to request access to, transfer, or deletion of their data under the EU Data Act, which went into effect in September 2025. The practical mechanism for exercising these rights would be found in Salesforce's customer agreement and data processing terms.
Cross-platform context
See how other platforms handle EU Data Act Customer Rights Reference and similar clauses.
Compare across platforms →Monitoring
Salesforce has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"On September 12, 2025, the EU Data Act went into effect, giving customers more control over their data. This includes the right to access, transfer, or delete their data, providing greater flexibility and interoperability.— Excerpt from Salesforce's Salesforce Terms of Service
(1) REGULATORY LANDSCAPE: This reference directly engages the EU Data Act (Regulation (EU) 2023/2854), which imposes data portability and access obligations on data holders providing connected products or related services in the EU/EEA. Enforcement is distributed across EU member state authorities. The provision also intersects with GDPR data subject rights, and compliance teams should assess whether the EU Data Act creates obligations supplementary to or distinct from existing GDPR Article 20 portability rights. (2) GOVERNANCE EXPOSURE: Medium. The page acknowledges the EU Data Act's applicability to Salesforce customers but does not provide the operative contractual terms implementing these rights. Organizations relying on Salesforce as a data holder must verify that their data processing agreements and customer contracts have been updated to reflect the new portability and interoperability requirements introduced by the EU Data Act. (3) JURISDICTION FLAGS: This provision applies specifically to EU/EEA customers and organizations processing data subject to EU law. Non-EU customers are not directly affected by the EU Data Act, though analogous rights may exist under CCPA for California residents or other applicable data protection frameworks. (4) CONTRACT AND VENDOR IMPLICATIONS: Procurement teams with Salesforce as a vendor should confirm that existing data processing addenda and customer agreements address EU Data Act compliance, including technical interoperability requirements and data portability request handling procedures. This may require contract amendments if existing agreements predate September 2025. (5) COMPLIANCE CONSIDERATIONS: Compliance teams should map EU customer data flows processed through Salesforce, assess whether current data access and portability procedures satisfy the EU Data Act's requirements, and review Salesforce's published EU Data Act guidance at the linked URL. Organizations should also evaluate whether Salesforce's role as data holder versus data processor under the EU Data Act requires specific contractual treatment beyond existing GDPR data processing agreements.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
The provision establishes that Salesforce's terms incorporate obligations arising from EU Data Act compliance, creating formal mechanisms for data subject requests. This creates specific procedural requirements for how Salesforce processes customer requests for data access, portability, and deletion.
EU customers using Salesforce products may now have enforceable rights to request access to, transfer, or deletion of their data under the EU Data Act, which went into effect in September 2025. The practical mechanism for exercising these rights would be found in Salesforce's customer agreement and data processing terms.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Salesforce.