That 12-month data retention clock is ticking. If you're juggling customer data between Salesforce and Zendesk, California's privacy law has handed you a major technical challenge: purge personal information consistently across both platforms without disrupting operations or missing anything that could trigger a violation.
Most companies tackle this with haphazard, manual processes—but that approach scales poorly and leaves you vulnerable to compliance gaps. Building proper automation between these platforms isn't just about avoiding fines—it creates efficiency your team will thank you for.
Explore more privacy compliance insights and best practices
California's privacy rules have grown teeth. The California Privacy Rights Act (CPRA) flips the script on how long you can keep customer data by introducing two core principles you can't ignore:
CPRA's data minimization principle means you can only collect and store the bare minimum personal information needed for your stated business purpose. Gone are the days of grabbing every possible data point "just in case." The law specifically requires you to:
This marks a 180-degree turn from previous practices where the risk generally came from not keeping enough data. Now, keeping too much creates liability.
Beyond limiting what you keep, CPRA demands transparency about retention timeframes. Your business must:
This disclosure must happen at or before the point of collection, giving consumers clear expectations about their data's lifecycle in your systems.
Here's where many businesses get tripped up: CPRA has a look-back provision that started January 1, 2022. This means your retention obligations apply retroactively to data you collected before the law fully took effect.
If you're just starting to implement retention automation now, you're already playing catch-up on data that may need purging. This adds urgency to getting your systems aligned and automated quickly.
Salesforce offers several viable approaches for implementing automated data purging, each with distinct advantages depending on your technical resources and complexity needs.
If your development resources are tight, Salesforce's scheduled triggered flows offer a powerful no-code solution that marketing or operations teams can implement.
These flows let you:
For example, you might create a flow that runs monthly to identify and delete completed tasks older than 365 days. The flow can include conditions to check related records or status fields before deletion to ensure compliance without destroying needed information.
The main advantage: no development resources required, and it's maintainable by system administrators.
For more complex purging requirements, scheduled Apex batch jobs provide maximum flexibility and power. This approach works especially well for enterprise-scale operations with millions of records or intricate retention rules.
The batch approach processes records in chunks, avoiding Salesforce's governor limits that would otherwise block bulk deletions. You can schedule this code to run automatically at your preferred intervals.
The main advantage: complete control over complex logic, relationship handling, and integration with other systems.
While Salesforce offers built-in automation options, Zendesk requires a more API-centric approach to implement compliant data purging.
Zendesk's API allows you to delete tickets programmatically, with rate limits that permit up to 400 ticket deletions per minute. This provides sufficient throughput for most organizations implementing a 12-month purge strategy.
To implement a robust purge process in Zendesk, you'll need to:
This approach can be implemented using various programming languages and hosted in cloud functions, scheduled jobs, or integration platforms depending on your existing technology stack.
The toughest challenge isn't setting up deletion in each system individually—it's ensuring they remain synchronized so you don't end up with orphaned or inconsistent data.
Before writing a single line of code, you need to understand exactly how data flows between your Salesforce and Zendesk instances:
This mapping exercise must involve stakeholders who understand both platforms and your business processes. The resulting documentation becomes your blueprint for synchronized deletion.
Several patterns prove effective for maintaining synchronized retention across platforms:
1. Central Orchestration Build a middleware layer that tracks retention dates across both systems and orchestrates deletion calls to each platform's API. This approach provides a single point of control but requires additional infrastructure.
2. Primary-Secondary Pattern Designate one system as primary (typically Salesforce) and trigger secondary deletions (in Zendesk) as part of the primary system's purge process. This approach leverages existing integration points but requires careful error handling.
3. Event-Driven Architecture Use events or webhooks to notify each system when deletions occur, allowing the receiving system to take appropriate action. This loosely-coupled approach provides flexibility but requires robust error handling and retry mechanisms.
The right choice depends on your existing architecture, technical capabilities, and volume of cross-platform data.
Creating a synchronized 12-month purge system isn't an overnight project. This phased approach helps ensure success:
During this phase, focus on what data you'll keep, for how long, and why. This foundation guides all technical implementation decisions.
This phase establishes your baseline and helps prioritize implementation efforts based on compliance risk.
The technical design should account for record volumes, relationship complexity, and your team's technical capabilities.
Implementation should proceed incrementally, with thorough testing at each stage.
This final phase ensures your implementation correctly applies your retention policies and maintains data consistency.
Watch for these frequently encountered issues that can undermine your compliance efforts:
Deleting a record in one system can break functionality in another if relationships aren't properly managed. For example, deleting a Salesforce contact might orphan related Zendesk tickets. Your deletion logic must account for these dependencies, potentially implementing soft-deletion approaches where necessary.
Personal information often hides in unexpected places like custom fields, notes, attachments, and activity histories. Your data inventory must be thorough, and your purge logic must address all locations where personal data resides.
Some records legitimately need longer retention periods due to:
Your automation must include exception handling to identify and preserve these records while still purging others.
Without proper logging and verification, you can't prove compliance with retention rules. Implement comprehensive audit trails that document what was deleted, when, and why to demonstrate due diligence if questioned by regulators.
Implementing a synchronized 12-month purge system across Salesforce and Zendesk initially feels like a regulatory burden, but it delivers unexpected benefits. Beyond CPRA compliance, proper retention automation:
The CPRA's data retention requirements push companies toward what they should have been doing all along: treating customer data as both valuable and temporary. By building robust, synchronized purge automation, you not only meet compliance obligations but create a more efficient, secure, and ethical data management approach.
The tools exist in both Salesforce and Zendesk to make this automation practical. The key lies in careful planning, clear policies, and thoughtful implementation that addresses the unique characteristics of both platforms while maintaining data consistency throughout the process.
