
The General Data Protection Regulation (GDPR) was designed by the European Parliament and Council to replace the Data Protection Directive 95/46/EC in May 2018. From then on, the GDPR will be the main regulation governing how organizations handle and protect the personal data of EU citizens.

Under the GDPR, any company that handles the personal data of an EU citizen is affected and must comply. Many companies are already in compliance with the Data Protection Directive, but they must now ensure they are compliant with the GDPR before May 25, 2018.


So the GDPR applies not only to every member state of the EU, but also to any company that does business in the EU or with EU citizens. On the one hand, there will be changes to make in the way data is handled, and that can cost more resources than some companies want to expend.

On the other hand, dealing with one major regulation eases the confusion of dealing with the differing local privacy laws of each EU nation. How does this affect Microsoft Dynamics 365 and you? Keep reading to learn more.


What you need to know about the GDPR’s requirements

The GDPR contains 11 chapters and 91 articles, and it will take a detailed reading to fully understand how to comply with all of its requirements. For starters, it mandates that companies implement appropriate data protection measures to protect personal data against breaches. This is of utmost importance when dealing with the personal data of EU citizens.

It goes even further. Articles 31 and 32 require notification of a data breach within 72 hours, and a detailed explanation of the breach must be given to GDPR regulators.

Furthermore, Article 35 states that some companies, especially larger companies, must employ data protection officers when they deal with personal data regarding religious beliefs, health, genetic data and ethnic origin. The data protection officers act as the point of contact between the organization and the GDPR's Supervisory Authorities (SAs).

Regarding penalties, Article 79 states that the penalty for GDPR non-compliance can be up to four percent of the company's global annual revenue, or $20 million. As you can see, the key changes revolve around:

  • Personal data
  • Transparency policies
  • Notifications
  • Controls
  • IT training


Prepare for the GDPR

To get ready for the GDPR, Gartner recommends that companies outline specific actions to ensure compliance with the requirements. The first step should be to designate data protection officers. The next step is to ensure transparency and accountability for all personal data processing activities, especially for data that flows through the EU.

Then, companies must have a process in place for when EU citizens exercise their rights to be informed of a data breach and their right to be forgotten. It is also crucial to then assess your company’s readiness for GDPR.

Make sure to prioritize the resources you need and the processes that need to be updated. Because the regulations have such a large scope, it is necessary for every level of the company to attain an understanding of both the implications of non-compliance and what is needed to meet the requirements.

Every department must be involved in ensuring GDPR compliance. This can take continual training, meetings, updates and refresher courses so that everyone remains on board with the regulations. Essentially, you must provide a forensic trail and make sure everything is logged.


Embrace DevSecOps

For GDPR compliance, the focus must also be on incorporating quality governance and security features, embedded throughout all software applications.

So, when customizing and developing business apps, it is critical to embed compliance measures early. When your company embraces DevSecOps practices, you can continue with forward-thinking innovation while enabling compliance.


Microsoft and the GDPR

It helps to note that Microsoft was the first major cloud services provider to ensure compliance. Microsoft has been an industry leader in ISO 27018, HIPAA and Model Clauses, and as a result it is also leading the industry on GDPR compliance. Since Microsoft offers a single-stack solution, every piece works together seamlessly.

“GDPR is coming. But with Microsoft’s information protection solutions, we will have a more efficient way to handle compliance.”

—Erlend Skuterud, chief information security officer for Yara

With Dynamics 365, you can use audit data, user activity, reporting, and analytics. Microsoft cloud services will continue to be compliant with the GDPR. Since GDPR compliance must be an ongoing process, Microsoft offers a free GDPR benchmark assessment tool for Dynamics 365, Azure, Office 365 Business, and Enterprise. After taking the assessment, you can use your compliance score to determine your company's readiness for the GDPR.

With Dynamics 365, here are a few features to help you identify personal data:

  • Quick Find
  • Filters
  • Relevance Search
  • Advanced Find

Moreover, Dynamics 365 gives you the ability to build an application extension specifically for data classification. When your company receives incoming GDPR requests, your customers can set up Forms and Views, at the Entity and Field levels, to view their personal data.

You can also customize data classification further at the Row level. If you use Office 365, you will notice the suite has several tools for data classification and protection, such as:

  • Encryption
  • Access restrictions
  • Advanced Data Governance

With the right security controls, you can more efficiently respond to data breaches and vulnerabilities. Your company can also decrease the risk of a data breach. At the heart of compliance is exhibiting successful processes for governing data and managing data subject requests. Microsoft and Dynamics 365 can help you get there.


Final thought

There is no question that GDPR compliance can be a complicated process with highly specific requirements and steps. But you don't have to tackle these regulations alone. Take Microsoft's assessment tool, and find peace in the knowledge that Microsoft's technologies will always be GDPR compliant.

Written by The Sherweb Team Collaborators @ Sherweb