How Business Central Can Keep You GDPR Compliant

How Business Central Can Keep You GDPR Compliant

Gurdeep Bahra

Business Central Consultant|Kerv Digital

Published 06/07/22 under:

Have a question?

Get in touch

Easily Classify Your Data With Microsoft D365 BC

Learn how to stay compliant with the awesome tools provided by D365 Business Central

 

We recently wrote an article on the importance of classifying your data and the benefit’s it can bring to an organisation.

However, depending on the amount of data you have, classifying it may seem a bit of a daunting task! Fortunately, Microsoft’s Dynamics 365 Business Central is here to help.

Many different territories operate different data standard regulations. One of the best known is the EU’s GDPR or General Data Protection Regulations.

 

GDPR states there are different reasons for holding data and an organisation needs to classify why they hold each piece…

 

  • Consent – Under consent, an organisation can process an individual’s data if that person has consented to it.
  • Contractual Necessity – An individual doesn’t need to consent to their data being processed by an organisation if that data is needed for a contractual necessity. This also applies to the Right To Be Forgotten – Some information may need to be retained if required as part of a pre-existing contract.
  • Compliance With Legal Obligations – As with contractual necessity, it’s entirely inline with GDPR requirements to process an individuals data if the organisation is required to do so to fulfil a separate legal obligation.
  • Vital Interest – This is one of the rarest reasons to process an individual’s data but in life and death scenarios (and life and death doesn’t mean they just have to get your latest sales email) it’s entirely withing the remit of GDPR to do so.
  • Public Interest – Another form of data processing that’s compliant with GDPR but that most organisations won’t see (it’s more common for instance in news outlets for example) is the processing of an individual’s data when acting in the public interest.
  • Legitimate Interest – Legitimate Interest is by far the broadest category of classification for processing data and is defined as if an organisation has a legitimate interest in doing so.

 

As you can see, with so many different ways to classify data, it’s important to have a reliable way to do it… like D365 Business central.

 

  1. The first thing you’ll need to do if you’re hoping to classify data in your system for GDPR is to make sure you’re signed in correctly. If you don’t sign is as an Administrator of Users in the User Groups and Permissions role centre, you wont be able to access any of the awesome GDPR tools D365 BC has as standard.

 

It’s been set up that way as it’s a legal requirement for only authorised users (such as a Data Protection Officer) to access the privacy features within.

 

  1. After you’ve logged in with the correct profile you’ll find Business Central has added a Data Privacy activity pane that lists all of the handy GDPR features you can use.
  2. Clicking on Data Privacy will show you these options…

 

  1. Data Classification, will, as you’d expect, open up a Data Classification work sheet that will enable you to set the correct level of data sensitivity for all of your tables (both standard and custom).

 

  1. If you click the Set Up Data Classification button you’ll be presented with a wizard (a Data Classification Assisted Setup… not a graduate of Hogwarts). From here BC will let you import and export data from Excel which will massively help if you need to ever change classifications.

 

 

  1. Next you can go back to the Data Subjects Page. You’ll now see all the physical entities with their assigned classification attached. Once that’s done you can create a Data Privacy Utility so that, going forward, you’ll be able to see logs for every Data Privacy Activity.

 

 

  1. Clicking on Data Privacy Utility will open up another wizard; this one will let you either export all of the data you hold on an individuals in your systems (incredibly handy for Subject Access Requests) or create a complete data privacy configuration package.

 

 

  1. Exporting data for a subject access request will export either all the data you hold or just the data you request based on a sensitivity level.  You’ll be able to preview the export before it generates to make sure it all looks right and then generate an Excel spreadsheet which will be added to your role centres report inbox. If you instead create a data privacy configuration package, a data package for the subject will be created which you can then view and edit.

 

 

  1. Once you’re done, you’ll be able to see a log in the Data Privacy Activity as this is required by GDPR for all activities related to data manipulation.

 

These features in Dynamics 365 Business Central any organisation should easily be able to handle the vast majority of GDPR issues that come their way.

 

 

 

 

 

 

 

 

Related

You might also be interested in

From our world to yours

Kerv Digital Events: Nonprofit Marketing Journey & Customer Insights Live Demo

From our world to yours

The Role of AI in Government: Driving Operational Costs Down Whilst Improving...

From our world to yours

Sustainability, Social Impact and Technology Procurement in the Transport Sector  

From our world to yours

The Kerv and Genesys Partnership goes from Strength to Strength

From our world to yours

How BPOs can automate with care

From our world to yours

Focusing on employee engagement and performance matters

From our world to yours

Compliance Cloud: Overview & demonstrations

From our world to yours

Life at Kerv as a People Partner

From our world to yours

Unveiling The Latest Advancements: Microsoft Dynamics 365 – Release Wave 2

From our world to yours

4 Steps To Building A Compliance Solution

From our world to yours

Kerv is officially one of the UK’s Best Workplaces in Tech!

From our world to yours

Supporting Supporters: How Nonprofits Can Plan For The Future

From our world to yours

GoodShape Raises the Bar for Member Experience, Call Quality, & Compliance

From our world to yours

Qualitas: How small businesses coming together can aid GP practices

From our world to yours

Capacity vs Capability

From our world to yours

CV Library: How strong leadership focused on IT can be a vital...

From our world to yours

Microsoft Teams Telephony

From our world to yours

Voxivo4Teams Cloud Voice Solution

From our world to yours

Microsoft Teams Rooms

From our world to yours

What is Azure Arc?

From our world to yours

Delivering a platform to underpin Fotech’s rapid growth plans

From our world to yours

What is Shadow IT?

From our world to yours

The Low Code/No Code Canvas

From our world to yours

How Buckinghamshire NHS Trust sped up their service

From our world to yours

Capitalise on the Cloud Opportunity

Have a question?

Leave your details and a member of the team will be in touch to help.

"*" indicates required fields

By pressing send, you agree to our Terms and Conditions and Privacy Policy.
This field is for validation purposes and should be left unchanged.