EU new data protection rules

Miklos_HollenderMiklos_Hollender Member Posts: 1,598
https://en.wikipedia.org/wiki/General_Data_Protection_Regulation

What does this mean for us? If you book a Navision invoice to a natural person you have personal data in there: name and address. According to GDPR you should delete it after a while. ???

This is the most surprising thing I have heard but there are others. Can someone who knows this stuff summarize it what we need to do for it?

Answers

  • DuikmeesterDuikmeester Member Posts: 307
    edited 2017-12-29
    There is no need to delete such information because you do no further processing with the data. However you are not allowed to use it for either mailings or data analysis without making such data anonymous.
  • ErictPErictP Member Posts: 164
    By May 2018, all supported versions of Dynamics NAV will be updated for GDPR compliance.
    https://blogs.msdn.microsoft.com/nav/2017/12/21/make-your-dynamics-nav-solution-gdpr-compliant/
  • Slawek_GuzekSlawek_Guzek Member Posts: 1,690
    @Duikmeester Unfortunately definition of 'processing' is VERY broad. Keeping the data = processing the data.

    But, on the other hand, the GDPR requirements can be overwritten by another regulation/law. The tax law requirements for example ca overwrite some of GDPR rules - so keeping the personal data (Customers / Vendors and corresponding ledgers) for tax purposes constitutes a lawful processing of the PII data - which means that indeed we do not have to do anyting with them - at least for as long as the tax law requires you to keep the records.

    @ErictP Unfortunately it seems that for Microsoft this is just yet another cloud selling point. "Get GDPR compliant with the Microsoft Cloud". I've been watching recently some Microsoft webinars, GDPR related, and unfortunatley they were basically saying 'move to MS cloud look how great it is...'
    Slawek Guzek
    Dynamics NAV, MS SQL Server, Wherescape RED;
    PRINCE2 Practitioner - License GR657010572SG
    GDPR Certified Data Protection Officer - PECB License DPCDPO1025070-2018-03
  • Miklos_HollenderMiklos_Hollender Member Posts: 1,598
    The white paper is out: https://blogs.msdn.microsoft.com/nav/2018/03/07/get-gdpr-compliant-with-dynamics-nav/

    OK it seems to me the primary thing is to act on a customer or other natural persons request to modify, delete, export etc. personal data.

    Do we really need these tools in the cumulative update? Looks like a lot of merging to do and at the end of the day it seems fairly intuitive that if a retail customer calls to delete their email address you do it on the customer card.
  • Slawek_GuzekSlawek_Guzek Member Posts: 1,690
    ..it seems fairly intuitive that if a retail customer calls to delete their email address you do it on the customer card.

    IF you have it only on customer card, and if you are 100% sure about that. And - what's also important, and will be even more important if you had to deal with local Authority investingating a complaint - if you can prove to the Authorities that you have done enough to have a valid reasons to think that customer email address is only on customer card

    A little teaser here : Table 405?

    Slawek Guzek
    Dynamics NAV, MS SQL Server, Wherescape RED;
    PRINCE2 Practitioner - License GR657010572SG
    GDPR Certified Data Protection Officer - PECB License DPCDPO1025070-2018-03
Sign In or Register to comment.