Government legislation in Canada sets data residency requirements that mandate that businesses store personally identifiable information (PII) of their customers only in Canada. The requirements are even stricter for certain industries, such as financial services.
For Salesforce CRM, the servers are based in Canada, so all the information is saved within the country. However, Marketing Cloud servers are based in the USA, so Canadian businesses in one of the industries regulated by data residency legislation will have to tokenize any PII if they plan to use SFMC.
From my own personal experience, I have found that the Datex solution can be used to tokenize PII like name, email address, etc. when it is stored in Marketing Cloud, and at the time of email deployment an external service can be used to detokenize the information and send out the email. For a company that has several lines of business, of which only one or two are regulated by the data residency act, you can create special Business Units to store tokenized data and other, non-tokenized Business Units.
You have a Salesforce CRM account that is connected to your Marketing Cloud account. Your Marketing Cloud instance has several Business Units, one of which is a Tokenized Business Unit. This Tokenized Business Unit is integrated with your Salesforce CRM instance. You have an external system that hosts details of the customers to whom you want to send email communication through Marketing Cloud. This external system runs a process every day to send events to Salesforce with details like customer first name, customer last name, customer email, etc.

When Salesforce receives events for the Tokenized Business Unit, it makes an API call to the Datex solution, which tokenizes the PII and sends it back to Salesforce. Salesforce now has the first name, last name, and email as well as the tokenized first name, tokenized last name, tokenized email, etc. Next, create a process flow in Salesforce to add this data to a campaign as campaign members (lead or contact).

Then create a journey in the Marketing Cloud Tokenized Business Unit with the entry source set to campaign member created or updated. Give the Salesforce Connector API user access to only the tokenized fields. This ensures that Marketing Cloud only gets tokenized data. Finally, use another service to deploy the email: it gets the tokenized data from Marketing Cloud and detokenizes it with help from the Datex server.
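The flow described above, as an added sketch that is not code from the original post or from Datex: an in-memory vault stands in for the in-country tokenization service, and a field filter stands in for the connector user's field-level access. All class, function and field names are assumptions, and the sample event is constructed.

```python
import secrets

PII_FIELDS = ("first_name", "last_name", "email")  # assumed field names

class TokenVault:
    """In-memory stand-in for the in-country tokenization service."""
    def __init__(self):
        self._by_value, self._by_token = {}, {}

    def tokenize(self, value):
        # Reuse the token for a repeated value so joins on the token still work.
        if value not in self._by_value:
            token = "tok_" + secrets.token_hex(16)  # random, not derived from value
            self._by_value[value] = token
            self._by_token[token] = value
        return self._by_value[value]

    def detokenize(self, token):
        return self._by_token[token]  # KeyError for an unknown token

def enrich_event(event, vault):
    """CRM side: keep the clear fields and add a tokenized copy of each."""
    record = dict(event)
    for field in PII_FIELDS:
        record[field + "_token"] = vault.tokenize(event[field])
    return record

def connector_view(record):
    """What the connector API user may read: the id and tokenized fields only."""
    return {k: v for k, v in record.items()
            if k == "member_id" or k.endswith("_token")}

def leaked_pii(row, event):
    """Return the PII fields whose clear value appears anywhere in the row."""
    return [f for f in PII_FIELDS if any(event[f] in str(v) for v in row.values())]

def detokenize_for_send(row, vault):
    """Deployment service: resolve tokens just before the email is sent."""
    return {k[:-len("_token")]: vault.detokenize(v)
            for k, v in row.items() if k.endswith("_token")}

# Constructed sample event, not real customer data.
SAMPLE_EVENT = {"member_id": "0001", "first_name": "Avery",
                "last_name": "Tremblay", "email": "avery.tremblay@example.com"}

if __name__ == "__main__":
    vault = TokenVault()
    row = connector_view(enrich_event(SAMPLE_EVENT, vault))
    print(row, leaked_pii(row, SAMPLE_EVENT), detokenize_for_send(row, vault))
```

Running `leaked_pii` over a sample of what the connector user can actually read is a quick check that no clear-text field was left exposed to the Tokenized Business Unit.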