The General Data Protection Regulation is due to become law in the UK in May 2018, and all businesses in the UK that hold or process any of their customers’ data will need to be compliant with this regulation by that time.
This regulation gives EU residents and those countries doing business with them greater control over personal data. Non-compliance should be viewed as a risk both of reputation damage and of incurring financial penalties of up to 4% of annual turnover.
The regulation is comparatively clear in its application to businesses using such data, although it may prove problematic for those that engage in research and use old data for which consent can no longer be given; the use of 17th century ships’ logs for climate research is one such example. This grey area is still to be clarified.
It seems fair to say that individual rights are strengthened by this regulation. The official website for all information regarding GDPR has this to say regarding the intersection between business and individual rights:
“Your lawful basis for processing has an effect on individuals’ rights. For example, if you rely on someone’s consent to process their data, they will generally have stronger rights, for example to have their data deleted.”
Microsoft’s stance and commitment to supporting their partners and customers to be compliant regarding GDPR is clear from this quote taken from their Trust Center section on Privacy:
“We understand that GDPR compliance is a shared responsibility. That is why we are committed to be GDPR compliant across our cloud services when enforcement begins on May 25, 2018.”
Microsoft identifies access to data as having a key part to play in enabling businesses to become GDPR compliant and in Dynamics 365 CRM (Cloud2020’s centre of interest) access to data is managed via Security Roles.
- Role-based security in Microsoft Dynamics 365 allows you to group together a set of privileges that limit the tasks that can be performed by a given user. This is an important capability, especially when people change roles within an organization.
- Record-based security in Dynamics 365 allows you to restrict access to specific records.
- Field-level security in Dynamics 365 allows you to restrict access to specific high-impact fields, such as personally identifiable information.
However, a CRM system is not just a sales tool but also a marketing tool, and this is where vigilance and proactivity are required to take the regulations on board and understand the implications for your interactions with your customers. Luckily, there are several ways that Dynamics 365 and the third-party applications available for it can help you.
As a marketing tool specifically built for Dynamics 365 CRM, ClickDimensions has responded thus to the challenge of GDPR:
“As many of you know, the General Data Protection Regulation (“GDPR”) will be effective May 2018. The GDPR regulates the collection, processing and use of personal data of EU individuals. We are currently working with a consultant to help us implement the necessary procedures to facilitate compliance in our role as a “data processor” under the GDPR. ClickDimensions customers are the data controllers.
Neither the current EU Data Protection Directive (enacted in 1995) nor the GDPR prohibits processing of data outside the EU; both legislative schemes require that certain commitments are made by the data processor (ClickDimensions).
ClickDimensions is currently certified for the EU-US Privacy Shield and will be renewing this fall. We are becoming certified for the Swiss-US Privacy Shield as well. These certifications, like the EU Model Clauses, are related to data transfers and security.
We will continue to provide GDPR updates as new information becomes available. Updates from the EU Working Party are expected to be released in Q4 2017.”
However, there are several features already in place in ClickDimensions that can help businesses seeking to ensure that they are adhering to best practice with regard to consent and record keeping of activity.
In order to be entirely sure that users are fulfilling the requirements to ensure consent, there is now an option to set up “double opt-in”: http://help.clickdimensions.com/setting-up-double-opt-in-with-clickdimensions/
There is also the opportunity to use “Subscription Preferences” to ensure that there is a record of existing and longstanding contacts giving consent to be marketed to.
Ultimately, though, the main impact of the GDPR will be that it will require businesses to be vigilant about documenting consent given and actions taken upon receiving requests to unsubscribe or to “forget” data already given.
So, what to do now? Proactivity is the way to ensure that businesses can achieve the target of making sure that they start 2018 GDPR compliant. Start with a Discovery: what personal data do you hold, and where is it kept? Move to Protect it, then Review and Plan to Control the data in the future, and finally Report by documenting your actions and your plan to make sure that compliance is easy to maintain in the future.
What plans do you have to achieve compliance by 2018? Let us know either in the comments section below or by emailing us at firstname.lastname@example.org
Wendy Clifford is a writer with a longstanding interest in Technology and its impact on our lives both from a business and social sense. She can be found listening to music (analogue, digital and in a field with a Gin and Tonic), writing and reading, or scavenging for free food from the hedgerows which she turns into jellies and jams. Contact her via Twitter @wendyjoy1