The General Data Protection Regulation (GDPR) is coming into force from May 2018 and poses a new challenge to any CRM System to help a business operate in a compliant fashion under the new regulations for data storage, processing and handling.
Dynamics CRM and SharePoint provide a great platform to ensure a business is GDPR Compliant – however like many aspects of CRM Solutions, a good system is a start but customising CRM to ensure we have right process in place to support user adoption is key, as we can only be compliant as the processes we have in action.
In our previous article, we looked at the core tenants of GDPR and now we can look at how these can be implemented in Dynamics CRM, the resources available to help us, and the additional Apps or functionality we can use:
Dynamics tracks the Classification of Data we hold for each Contact, Lead, Internal User or Company between Organisational, Personal, Sensitive or Transactional.
In this, we can track Non-Personal Company details as Organisational as this data is freely available in the public domain.
GDPR Tracking for Personal and Sensitive Data
For Contacts however we can ensure we track our data as either Personal or Sensitive, and then supply our reason for holding this data that complies with GDPR. Dynamics then ensures that this reason is a required field for entering the Contact so Compliance is assured.
Consent is the easiest reason for a User to select as they can assume that Consent is given by the Contact in the context of them dealing with us, but this is also the hardest to justify under GDPR as other reasons to track the data are more clear justifications. As such Dynamics ensures that we supply additional details where Consent is selected as the reason to track the Personal or Sensitive Data.
This similarly applies to Internal Users within Dynamics – Dynamics will assume ‘Contractual’ as the reason for tracking his or her details.
In this way Dynamics allows us to define Business Rules for how we store and manage data to help keep us compliant.