Salesforce Certified Data Architect — Question 14

To address different compliance requirements such as General Data Protection Regulation (GDPR), personally identifiable information (PII), Health Insurance Portability and Accountability Act (HIPPA) and others, a Salesforce customer decided to categorize each data element in Salesforce with the following:
1. Data owner
2. Security level (i.e. confidential)
3. Compliance type (i.e. GDPR. PII, HIPAA)
A compliance audit would require Salesforce admins to generate reports to manage compliance.
What should a data architect recommend to address this requirement?

Answer options

• A. Build reports for field Information, then export the information to classify and report for audits.
• B. Create a custom object and field to capture necessary compliance information and build custom reports.
• C. Use the Metadata API to extract field attribute information and use the extract to classify and build reports.
• D. Use field metadata attributes for compliance categorization, data owner, and data sensitivity level.

Correct answer: D

Explanation

The correct answer, D, is appropriate because field metadata attributes are specifically designed to hold information regarding compliance categorization, data ownership, and sensitivity levels. Options A and C involve additional steps that are less efficient, while option B suggests creating custom objects which may complicate the reporting process rather than utilizing existing metadata.