It’s now less than a year until the GDPR comes into play, yet many decision-makers and business leaders are still unsure of what it is and how they can prepare to make sure they don’t get stung with a heavy fine come May next year. We’ve put together this easy guide for Microsoft Dynamics NAV users to understand exactly what is and isn’t covered in their current solution.

What is the GDPR?

The General Data Protection Regulation (GDPR) is the new EU law for the protection of personal data, which will come into force on 25th May 2018. It will replace the Data Protection Act 1998 in the UK. The GDPR applies to “personal data”, which includes any information relating to an identifiable person. There is no distinction between a person’s private, public, or work roles. Personal data can include names, email addresses, social media posts, location, bank details, IP addresses and cookies.

For UK businesses, Brexit does not mean a quick getaway from the looming GDPR. Firstly, the GDPR affects any business that collects and stores data on EU residents, regardless of whether the business itself is based within the EU – if you collect data on EU residents, you must comply. Secondly, by the time Britain actually leaves the EU, the GDPR will already be in place. Theresa May has already confirmed that ‘existing EU laws in force in the UK would be converted into full UK laws’.

Under the new regulation, EU residents will have the right to access readily available, plain-language information about how their personal data is used, to access that personal data, to have it deleted or corrected, and to restrict or object to its processing, such as for marketing or profiling purposes. Businesses can be fined up to €20m or 4% of annual global turnover, whichever is greater, for failure to meet the requirements of the GDPR.

What can NAV users do to prepare?

You’ll be pleased to know that, as a Dynamics NAV user, you already have a lot of the GDPR guidelines covered:

User IDs and Passwords

As an administrator, you can create user IDs and passwords to limit access to the information in Microsoft Dynamics NAV to selected individuals. Because the Dynamics NAV database is on SQL Server, the Dynamics NAV security system and SQL Server security system work together to help ensure that only authorised users can gain access to the Dynamics NAV database. Dynamics NAV also uses a safe, encrypted connection to the data centre, ensuring security is not compromised from outside your organisation.

Permissions

The Microsoft Dynamics NAV security system allows you to control which objects or tables a user can access within the database. You can specify the type of access that each user has to these objects and tables: whether they are able to read, insert, modify, delete or execute. You can also give and take away permissions in real time, ensuring that users only access the sensitive information required for their role at the time they need it.

Accountability Principle

Microsoft Dynamics NAV makes it super easy to prove that your business complies with the GDPR. The accountability principle requires you to prove that you comply with various points on a checklist, many of which happen to be part of NAV’s basic specification. Therefore, by having implemented an up-to-date version of NAV, your business automatically complies with many of the stipulations of the GDPR.

The only remaining task is to identify and secure any other personal data in your business. You’ll want to conduct a full audit of this, including what data is held, where it is held and how it is used. You’ll also need to make sure your staff are sufficiently trained to comply with the GDPR and are aware of what it entails.

According to a report by security firm Blue Coat, just 2% of more than 15,000 enterprise cloud applications are GDPR-ready; Microsoft Dynamics NAV 2017 is one of them. Be ready.

You can learn more about the security features of Microsoft Dynamics NAV 2017 by downloading the capability guide. If you are concerned about your compliance with the GDPR, contact us today to discuss further.

Useful Links

ICO GDPR Guidelines

Microsoft Trust Center on GDPR