GDPR – How to get started with compliance
The General Data Protection Regulation also called the GDPR, is a regulation that intends to strengthen and unify data protection for all individuals within the European Union. It is the most significant change to EU privacy law in two whole decades. The GDPR applies from May 25, 2018. In other words, in less than a year.
The GDPR in a few words
To put it short: The GDPR requires that all organizations respect and protect personal data about EU residents – no matter where it is sent, processed or stored. The GDPR concerns all organizations that process personal data in connection with goods and services to EU residents. It also concerns organizations that monitor the behavior of EU residents.
The primary objective of the new regulation is to give the control of personal data back to EU citizens and residents. Another objective is to simplify the regulatory environment for international business by unifying the regulation within the EU. When the GDPR takes effect, it will replace the data protection directive from 1995, the officially Directive 95/46/EC.
So, where do you start?
An easy place to start your journey to GDPR compliance is to focus on four simple, but crucial steps:
- Discover — Research what personal data you have and where you store this data.
- Manage — Identify how you govern the personal data, how it is used and accessed.
- Protect — Establish security controls to prevent, detect, and respond to vulnerabilities and data breaches.
- Report — Execute on data requests, report data breaches, and keep required documentation.
The GDPR and Microsoft
To simplify the GDPR compliance, Microsoft is committing to be GDPR compliant across their cloud services when the enforcement begins on May 25, 2018. In other words, if your Dynamics platform is online, you have already come far with the GDPR compliance.
Download our whitepaper to read more about the process of migrating your Dynamics CRM solution to the Cloud and Dynamics 365.
What you can expect from Microsoft when the GDPR takes place:
- Technology that meets your needs – Microsoft has a broad portfolio of cloud services that are compliant with the GDPR obligations. This includes areas as deletion, rectification, transfer of, access to and objection to processing of personal data. AlfaPeople can help you with expert support when implementing Microsoft cloud technologies.
- Contractual commitments to GDPR – Microsoft’s customer licensing agreements for cloud services include a commitment to GDPR compliance and both Microsoft and AlfaPeople will help you through contractual commitments for cloud services, including timely security support and notifications in accordance with the new GDPR requirements.
Get to work today!
Becoming GDPR compliant before the 25th of May 2018 will become a challenge for many companies. However, if your company already today is compliant with the current data protection directive, then the work with GDPR compliance won’t be so extensive. For those companies that are not, it will require time, tools, processes and expertise. You’ll need to make changes to the organizational practices to privacy and data management. A failure to do so could be an expensive lesson. Companies that do not meet the requirements could face reputational harm and substantial fines of as much as 20 million euros, or 4 percent of annual worldwide turnover, whichever is greater. So no, you don’t want to touch lightly on this.
How AlfaPeople can help with GDPR compliance
AlfaPeople is a Gold Microsoft Partner. We are used to working with large, international projects within CRM and ERP, more precisely Microsoft Dynamics 365 solutions. These solutions often involve a great amount of personal information, security demands and Change Management. Thus, our experience makes us able to understand how the GDPR requirements need to be addressed.
AlfaPeople can help you get ready for the GDPR with a 3-step approach involving assessment and analysis of processes supported by the Microsoft Dynamics 365 platform. With a thorough analysis, AlfaPeople can provide customers with actionable insights into areas and processes affected by the GDPR, and subsequently help to prioritize, plan and implement actions which are found to be necessary to achieve GDPR compliance.
To get more information about how AlfaPeople can help you and your company getting ready for the GDPR – don’t hesitate to contact us.