How Business Central Can Keep You GDPR Compliant

How Business Central Can Keep You GDPR Compliant

Gurdeep Bahra

Business Central Consultant|Kerv Digital

Published 06/07/22 under:

Have a question?

Get in touch

Easily Classify Your Data With Microsoft D365 BC

Learn how to stay compliant with the awesome tools provided by D365 Business Central

 

We recently wrote an article on the importance of classifying your data and the benefit’s it can bring to an organisation.

However, depending on the amount of data you have, classifying it may seem a bit of a daunting task! Fortunately, Microsoft’s Dynamics 365 Business Central is here to help.

Many different territories operate different data standard regulations. One of the best known is the EU’s GDPR or General Data Protection Regulations.

 

GDPR states there are different reasons for holding data and an organisation needs to classify why they hold each piece…

 

  • Consent – Under consent, an organisation can process an individual’s data if that person has consented to it.
  • Contractual Necessity – An individual doesn’t need to consent to their data being processed by an organisation if that data is needed for a contractual necessity. This also applies to the Right To Be Forgotten – Some information may need to be retained if required as part of a pre-existing contract.
  • Compliance With Legal Obligations – As with contractual necessity, it’s entirely inline with GDPR requirements to process an individuals data if the organisation is required to do so to fulfil a separate legal obligation.
  • Vital Interest – This is one of the rarest reasons to process an individual’s data but in life and death scenarios (and life and death doesn’t mean they just have to get your latest sales email) it’s entirely withing the remit of GDPR to do so.
  • Public Interest – Another form of data processing that’s compliant with GDPR but that most organisations won’t see (it’s more common for instance in news outlets for example) is the processing of an individual’s data when acting in the public interest.
  • Legitimate Interest – Legitimate Interest is by far the broadest category of classification for processing data and is defined as if an organisation has a legitimate interest in doing so.

 

As you can see, with so many different ways to classify data, it’s important to have a reliable way to do it… like D365 Business central.

 

  1. The first thing you’ll need to do if you’re hoping to classify data in your system for GDPR is to make sure you’re signed in correctly. If you don’t sign is as an Administrator of Users in the User Groups and Permissions role centre, you wont be able to access any of the awesome GDPR tools D365 BC has as standard.

 

It’s been set up that way as it’s a legal requirement for only authorised users (such as a Data Protection Officer) to access the privacy features within.

 

  1. After you’ve logged in with the correct profile you’ll find Business Central has added a Data Privacy activity pane that lists all of the handy GDPR features you can use.
  2. Clicking on Data Privacy will show you these options…

 

  1. Data Classification, will, as you’d expect, open up a Data Classification work sheet that will enable you to set the correct level of data sensitivity for all of your tables (both standard and custom).

 

  1. If you click the Set Up Data Classification button you’ll be presented with a wizard (a Data Classification Assisted Setup… not a graduate of Hogwarts). From here BC will let you import and export data from Excel which will massively help if you need to ever change classifications.

 

 

  1. Next you can go back to the Data Subjects Page. You’ll now see all the physical entities with their assigned classification attached. Once that’s done you can create a Data Privacy Utility so that, going forward, you’ll be able to see logs for every Data Privacy Activity.

 

 

  1. Clicking on Data Privacy Utility will open up another wizard; this one will let you either export all of the data you hold on an individuals in your systems (incredibly handy for Subject Access Requests) or create a complete data privacy configuration package.

 

 

  1. Exporting data for a subject access request will export either all the data you hold or just the data you request based on a sensitivity level.  You’ll be able to preview the export before it generates to make sure it all looks right and then generate an Excel spreadsheet which will be added to your role centres report inbox. If you instead create a data privacy configuration package, a data package for the subject will be created which you can then view and edit.

 

 

  1. Once you’re done, you’ll be able to see a log in the Data Privacy Activity as this is required by GDPR for all activities related to data manipulation.

 

These features in Dynamics 365 Business Central any organisation should easily be able to handle the vast majority of GDPR issues that come their way.

 

 

 

 

 

 

 

 

Related Articles

You might also be interested in

From our world to yours

Casting An Eye On A CoE

From our world to yours

Growing Our Group Capabilities with Monochrome Consultancy

From our world to yours

Uncovering Unconscious Bias

From our world to yours

Life @ Kerv Digital As A Solution Architect

From our world to yours

CX & EX Reimagined: Driving customer loyalty and employee wellbeing through Genesys...

From our world to yours

Facilitating Your Finance Department With Business Central

From our world to yours

Artificial Intelligence: The Dawn Of A New Era

From our world to yours

6 Benefits of Managed Security Service Providers

From our world to yours

Kerv Digital Events: Microsoft Cloud For Nonprofit Live Demo

From our world to yours

Kerv Digital SNT 2023

From our world to yours

All About Automation

From our world to yours

Life @ Kerv Digital As A Business Central Support Consultant

From our world to yours

Why the SLA isn’t enough – what really matters when choosing an...

From our world to yours

Accelerate your communications compliance with MS Teams

From our world to yours

What Makes a Good Managed Service Provider

From our world to yours

A Deep Dive Into Data Science

From our world to yours

Life at Kerv as a Commercial Director

From our world to yours

The Importance of Sustainability and the Changes We Need to Make

From our world to yours

Decision Making Problems & How To Navigate Them

From our world to yours

Microsoft Cloud For Nonprofit: Campaigns

From our world to yours

Email vs Messaging: The Search for a Better Customer Experience

From our world to yours

Life @ Kerv Digital As A Full Stack Developer

From our world to yours

Microsoft Cloud For Nonprofit: Volunteers

From our world to yours

A Kerv Digital & Firebrand Training Success

From our world to yours

Going Beyond The Theory: Kerv Digital & The DVSA

Have a question?

Leave your details and a member of the team will be in touch to help.

"*" indicates required fields

By pressing send, you agree to our Terms and Conditions and Privacy Policy.
This field is for validation purposes and should be left unchanged.