Microsoft Dynamics NAV/Business Central and GDPR

In our final blog of the GDPR series we aim to bring together all of the information we have shared so far.

The GDPR is a comprehensive piece of legislation, bringing the most significant changes to data protection law in the EU in over a decade. Whilst we aren’t GDPR specialists, we have endeavoured to highlight some of the key points which may affect you in this blog ‘GDPR – What will the changes mean to you’.

There are no singular actions you can take to be compliant, it is going to take a collective organisational effort. We have the support of Microsoft, who are dedicated in continually enhancing Microsoft Dynamics NAV/ Business Central to support users with compliance. You can read their blog ‘Get GDPR compliant with the Microsoft Cloud’ here.

Microsoft recommend 5 Key steps to GDPR Compliance:

1: Discover – Identify personal data and where it resides in your NAV system

2: Manage – Grovern how personal data is used

3: Protect – Establish security controls to protect your data

4: Protect – Establish controls to detect breaches

5: Report – Executre on data requests and required documentation

 

If you attended our GDPR Tool webinar you may see the correlation between the functionality and reporting offered in our tool and the GDPR directives it compliments.

If you would like to watch this webinar please drop me an email on samantha.shaw@totalenterprisesolutions.co.uk

 

GDPR and the Key Players Leading the Change

The General Data Protection Regulation is the biggest change to data protection in over twenty years. Coming into force on the 25th of May, and potentially bringing business crippling fines GDPR is an important topic.

As a Microsoft Partner with a strong security conscience, we are ISO 27001 certified. We have kept a watchful eye on all things GDPR and are running a content series to share what we have learnt. We have had BSI into our HQ to educate our team on GDPR and this week marks our first content release.

What you can expect from our GDPR series:

  •  GDPR and the Key players leading the change
  •  GDPR, what the changes will mean to you
  •  Introducing our GDPR tool, how it can increase your compliance

Week commencing 16th  of April – GDPR webinar – showcasing our GDPR tool, automate your obligations.

 >>     Webinar showcasing GDPR tool Thursday 19th of April 14:00 – 14:30 – Register for your place here.    <<

 

Who are the Key players in GDPR?                                                                             

The Trialogue –

The European Commission

The EU Council

The European Parliament

The European Commission is the EU’s politically independent executive arm. It alone is responsible for drawing up proposals for new European legislation, and it implements the decisions of the European Parliament and the Council of the EU. It’s member are a team or ‘college’ of commissioners, one from each EU country, and is based in Brussels, Belgium.

The Commissions role is to promote the general interests of the EU by proposing and enforcing legislation as well as by implementing policies and the EU budget.

The European Parliament is the EU’s law-making body. It is directly elected by EU voters every 5 years. The last elections were in May 2014. It currently has 751 MEPs and has locations in Strasbourg, Brussels and Luxembourg. Germany currently has the most MEPs at 96.

The three main roles of the European Parliament include;

  1. Legislative. Passing EU laws, together with the Council of the EU, based on European Commission proposals, international agreements, deciding on enlargements and reviewing the commission’s work programme.
  2. Supervisory. Democratic scrutiny of all EU institutions. Electing the Commission President and approving the Commission as a body. Along with questioning Commission and Council and election observations
  3. Budgetary. Establishing the EU budget, together with the Council and approving the EU’s long-term budget, the ‘Multiannual Financial Framework’.

The European Council brings together EU leaders to set the EU’s political agenda. It represents the highest level of political cooperation between EU countries. Its members are the heads of state or government of EU countries, the European Commission’s president, high representatives for foreign affairs and security policy. One of the EU’s 7 official institutions, the Council takes the form of summit meetings between EU leaders, chaired by a permanent president.

Their collective goals and why

The GDPR is not designed to bring a radical overhaul of the data protection law, rather an enhancement of the existing law. The UK Data Protection Act is being evolved to be inline with GDPR

The data protection law came into force in 1995 when the internet was in its preliminary stages. Now our Digital DNA is everywhere we go it is vital we protect our data. Different countries interpreted the data protection act differently, GDPR aims to bring a unified set of requirements.

This will give us:

  • Consistency of interpretation and enforcement
  • Ensure a high Data Protection across the industry
  • Reinforce individuals rights – privacy by design and by default
  • Strengthen the EU internal marketing through new, clear and robust rules for the free movement of data.
  • Improved data protection standards.

The GDPR will remove any ambiguity within the EU, as 28 laws become 1.

Once the GDPR goes live the new ‘European Data Protection Board’ (EDPB) will replace the Article 29 Working Party.

Brexit.

The UK government have confirmed that the UK will be implementing the General Data Protection Regulation (GDPR). The Secretary of State said:

‘We will be members of the EU in 2018, and therefore it would be expected and quite normal for us to opt into the GDPR and then look later at how best we might be able to help British business with data protection, while maintaining high levels of protection for members of the public.’

It’s clear the GDPR is something we all need to start preparing for. Brexit or not we need to all be compliant by the 25th of May.

Next week in the GDPR series we will delve into the specific pain points GDPR may bring to your organisation and discuss how to overcome them.

If you would like to download ‘GDPR and Microsoft 365 streamline your path to compliance’ eBook, click here.

 

If  you would like to know more about the training course we completed with BSI you can find it here. 

Charities hit with £880,500 fines this April. Could have been fines of £69 Million if GDPR was in force.

Charities hit with ICO fines in April 2017 equated to £880,500. If the GDPR was implemented this could have been in the region of £69 million.
The biggest change to the data protection act in over twenty years is coming into force the 25th of May 2018. Cracking down on organisations who fail to comply like never before.

You can read more about the fines here.

With less than 12 months until the GDPR comes into force, we are urging our customers to prepare and prevent being fined. Or worse, having a data breach and losing any sensitive data.

Breaches of some provisions by businesses, which law makers have deemed to be most important for data protection, could lead to fines of up to €20 million or 4% of global annual turnover for the preceding financial year, whichever is the greater, being levied by data watchdogs.

It is more important than ever to ensure that you are working with companies that are aware of these regulations, are accredited and committed to protecting your interests. TES with our ISO 27001 certification have been striving hard to protect our customers, and are now focused on complying with GDPR changes coming into force 2018.

Your Microsoft Dynamics NAV system has a variety of configurations which will enhance your compliance.  It may also be time to consider moving to Microsoft Azure. A cloud based server where Microsfoft takes the work out of securing the data, and does it in compliance with GDPR for you.

Microsoft has extensive expertise in protecting data, championing privacy, and complying with complex regulations. The GDPR is an important step forward for clarifying and enabling individual privacy rights. Microsoft Dynamics NAV, and Microsoft Azure can help you focus on your core business while efficiently preparing for the GDPR.

Consider moving your infrastructure into the cloud, this reduces your risk of breaching GDPR. Microsoft Azure is a cloud based server that has a dedicated Azure Security Centre. Security and privacy are built right into the Azure platform, beginning with the Security Development Lifecycle (SDL). The SDL addresses security at every development phase, from initial planning to launch, and ensures that Azure is continually updated to make it even more secure. Operational Security Assurance (OSA) builds on SDL knowledge and processes to provide a framework that helps ensure secure operations throughout the lifecycle of cloud-based services. Azure Security Center makes Azure the only public cloud platform to offer continuous security-health monitoring.

There are many steps you can take to protect your organisation from a data breach when the GDPR comes into force. If you would like any further information as to how we can have you with the impending GDPR regulations please do not hesitate to contact us

Why not download our free guide to Beginning your GDPR Journey in our downloads section.