The General Data Protection Regulation (GDPR), agreed upon by the European Parliament and Council in April 2016, will replace the Data Protection Directive in Spring 2018 as the primary law regulating how companies protect European Union (EU) citizens’ personal data. Companies must ensure that they’re compliant with the new requirements of the GDPR before it becomes effective on May 25, 2018. Companies that fail to achieve GDPR compliance before the deadline will be subject to stiff penalties and fines. GDPR requirements apply to each member state of the EU, aiming to create more consistent protection of consumer and personal data across EU nations.
It imposes new rules on companies, non-profits, government agencies and other organizations that offer goods and services to people in the EU, or that collect and analyze data tied to EU residents.
Some key elements of the GDPR are the following:
Enhanced personal privacy rights.
Strengthened data protection for residents of the EU by ensuring that they have the right to:
- Access their personal data
- Correct errors in their personal data
- Erase personal data
- Object to processing of their personal data
- Export personal data
Mandatory personal data breach reporting.
Organizations that control personal data are subject to firm reporting and notification requirements in the event of a personal data breach.
Organizations will need to:
- Protect personal data using appropriate security
- Notify authorities of personal data breaches
- Obtain appropriate consents for processing data
- Keep records detailing data processing
Reinforced accountability of organizations that process personal data, providing increased clarity of responsibility in ensuring compliance.
Organizations are required to:
- Provide clear notice of data collection
- Outline processing purposes and use cases
- Define data retention and deletion policies
Significant penalties for non-compliance.
Steep sanctions, including substantial fines, that are applicable whether an organization has intentionally or inadvertently failed to comply.
As you might anticipate, the GDPR may have a significant impact on your business, potentially requiring you to update privacy policies, implement and strengthen data protection controls and breach notification procedures, deploy highly transparent policies, and further invest in IT and training.
We believe that the GDPR is an important step forward for clarifying and enabling individual privacy rights. We want to help you focus on your core business while efficiently preparing for the GDPR. GDPR will come into effect in less than three months. If your current CRM system doesn’t support these GDPR-compliant features, now is the time to find a new solution, before it’s too late!
Steps to Compliance with your Dynamics 365 CRM System Include:
- Implementing field security profiles to redact client information from users in other countries
- Setting up a GDPR business unit to hold Accounts, Contacts, and Leads that may contain private details
- Implementing a data encryption technique in which clicking a button on a record encrypts the personal details for that record so users cannot access the data
- Turning on custom auditing for all system or custom entities that contain an individual’s personal details to keep track of what is being viewed
- Generating a Personal Data report that can be sent to any individual or company requesting it. This will show them their sensitive personal data controlled in your system.
- Removing all sensitive data from the records of those you will no longer do business with, so it doesn’t remain forever in Dynamics 365.
Microsoft has also shared a 5-step plan to begin the journey to GDPR compliance:
“GDPR is coming. But with Microsoft’s information protection solutions, we will have a more efficient way to handle compliance.”
No matter where you are in your GDPR efforts, the Microsoft Cloud and our intelligent compliance solutions in Microsoft 365 can help you on your journey to GDPR compliance. Microsoft products and services are available to help you meet the GDPR requirements. Through cloud services and on-premises solutions, Microsoft will help you locate and catalog the personal data in your systems, build a more secure environment, simplify your management and monitoring of personal data, and give you the tools and resources you need to meet the GDPR reporting and assessment requirements.
Josh serves as Vice President of Sales for Dynamic Consultants Group. He has had the opportunity to consult for over 150 companies across the United States, Europe, and Asia in a wide range of industries. Throughout his career, he has served in multiple capacities for sectors such as telecommunications, automotive, and retail. He has spent most of his career working with entrepreneurs and senior management to improve processes, increase revenue, and drive digital transformation. Josh has traveled the globe speaking and presenting; his largest passion is using Microsoft technologies to empower and change lives, organizations, and governments. As a hobby, Josh is an award-winning photographer, an avid reader, investor, and pilot.