How Business Central Can Keep You GDPR Compliant

How Business Central Can Keep You GDPR Compliant

Gurdeep Bahra

Business Central Consultant|Kerv Digital

Published 06/07/22 under:

Have a question?

Get in touch

Easily Classify Your Data With Microsoft D365 BC

Learn how to stay compliant with the awesome tools provided by D365 Business Central

 

We recently wrote an article on the importance of classifying your data and the benefit’s it can bring to an organisation.

However, depending on the amount of data you have, classifying it may seem a bit of a daunting task! Fortunately, Microsoft’s Dynamics 365 Business Central is here to help.

Many different territories operate different data standard regulations. One of the best known is the EU’s GDPR or General Data Protection Regulations.

 

GDPR states there are different reasons for holding data and an organisation needs to classify why they hold each piece…

 

  • Consent – Under consent, an organisation can process an individual’s data if that person has consented to it.
  • Contractual Necessity – An individual doesn’t need to consent to their data being processed by an organisation if that data is needed for a contractual necessity. This also applies to the Right To Be Forgotten – Some information may need to be retained if required as part of a pre-existing contract.
  • Compliance With Legal Obligations – As with contractual necessity, it’s entirely inline with GDPR requirements to process an individuals data if the organisation is required to do so to fulfil a separate legal obligation.
  • Vital Interest – This is one of the rarest reasons to process an individual’s data but in life and death scenarios (and life and death doesn’t mean they just have to get your latest sales email) it’s entirely withing the remit of GDPR to do so.
  • Public Interest – Another form of data processing that’s compliant with GDPR but that most organisations won’t see (it’s more common for instance in news outlets for example) is the processing of an individual’s data when acting in the public interest.
  • Legitimate Interest – Legitimate Interest is by far the broadest category of classification for processing data and is defined as if an organisation has a legitimate interest in doing so.

 

As you can see, with so many different ways to classify data, it’s important to have a reliable way to do it… like D365 Business central.

 

  1. The first thing you’ll need to do if you’re hoping to classify data in your system for GDPR is to make sure you’re signed in correctly. If you don’t sign is as an Administrator of Users in the User Groups and Permissions role centre, you wont be able to access any of the awesome GDPR tools D365 BC has as standard.

 

It’s been set up that way as it’s a legal requirement for only authorised users (such as a Data Protection Officer) to access the privacy features within.

 

  1. After you’ve logged in with the correct profile you’ll find Business Central has added a Data Privacy activity pane that lists all of the handy GDPR features you can use.
  2. Clicking on Data Privacy will show you these options…

 

  1. Data Classification, will, as you’d expect, open up a Data Classification work sheet that will enable you to set the correct level of data sensitivity for all of your tables (both standard and custom).

 

  1. If you click the Set Up Data Classification button you’ll be presented with a wizard (a Data Classification Assisted Setup… not a graduate of Hogwarts). From here BC will let you import and export data from Excel which will massively help if you need to ever change classifications.

 

 

  1. Next you can go back to the Data Subjects Page. You’ll now see all the physical entities with their assigned classification attached. Once that’s done you can create a Data Privacy Utility so that, going forward, you’ll be able to see logs for every Data Privacy Activity.

 

 

  1. Clicking on Data Privacy Utility will open up another wizard; this one will let you either export all of the data you hold on an individuals in your systems (incredibly handy for Subject Access Requests) or create a complete data privacy configuration package.

 

 

  1. Exporting data for a subject access request will export either all the data you hold or just the data you request based on a sensitivity level.  You’ll be able to preview the export before it generates to make sure it all looks right and then generate an Excel spreadsheet which will be added to your role centres report inbox. If you instead create a data privacy configuration package, a data package for the subject will be created which you can then view and edit.

 

 

  1. Once you’re done, you’ll be able to see a log in the Data Privacy Activity as this is required by GDPR for all activities related to data manipulation.

 

These features in Dynamics 365 Business Central any organisation should easily be able to handle the vast majority of GDPR issues that come their way.

 

 

 

 

 

 

 

 

Related Articles

You might also be interested in

From our world to yours

Going Beyond The Theory: Kerv Digital & The DVSA

From our world to yours

Life @ Kerv Digital As A Performance Analyst

From our world to yours

Four ways to defend against Cyber Criminals attempt to infiltrate Contact Centres

From our world to yours

Microsoft Cloud For Nonprofit: Fundraising & Engagement

From our world to yours

Kerv Group brings rich, actionable insights to bear on improving performance management...

From our world to yours

4 ways to integrate your Contact Centre and CRM to deliver brilliant...

From our world to yours

Kerv Digital 2022 Wrap-Up

From our world to yours

Life @ Kerv Digital As A Recruitment & People Analytics Manager

From our world to yours

CX Translate Opens the Door to International Understanding in Cross-Border Contact Centres

From our world to yours

Cloud Confessions: Q&A with CTO on Communications Compliance

From our world to yours

Helping With Hackathon Fundamentals

From our world to yours

Kerv Digital & Microsoft Solutions Partner Designations

From our world to yours

Life at Kerv as a Billing & Operations Co-Ordinator

From our world to yours

Deciphering Digital Transformation

From our world to yours

4 Things to Bear in Mind About Microsoft Teams Policy Based Recording

From our world to yours

Understanding EX: Achieving the utmost from workforce engagement management (WEM)

From our world to yours

Working Wellness: More Kerv Digital Benefits

From our world to yours

Cloud is not a destination

From our world to yours

How SD-WAN enables service provider flexibility, enhancing connectivity and reducing cost

From our world to yours

Taking the guesswork out of managing your future bandwidth demand

From our world to yours

Application Performance: User Experience

From our world to yours

Rapid Site Deployment and its Impact on Retail Profitability Across Store Locations

From our world to yours

Why your network infrastructure is key in mergers and acquisitions

From our world to yours

Data Platform Pragmatism

From our world to yours

Will SD-WAN really save money and why you must take a proper...

Have a question?

Leave your details and a member of the team will be in touch to help.
By pressing send, you agree to our Terms and Conditions and Privacy Policy.
This field is for validation purposes and should be left unchanged.