How GDPR compliance will affect your ERP system
Throughout the EU, the GDPR (General Data Protection Regulation) has taken effect. It protects an individual's personal data: name and address, health and genetic data, biometric data, racial or ethnic origin, sexual orientation, political opinions, and online identifiers such as cookies and IP addresses. Since much of this data lives in ERP systems, those ERP systems must protect it.
Employees and contractors
Employee records are the obvious case. They contain names, addresses, tax ID numbers, bank details and family relationships, and any business with a payroll keeps this data. Contract workers are covered too: the ERP holds their tax ID and much of the same data a payroll system would.
Customers and suppliers
Customer and supplier relationship management modules often hold a lot of personal data. Some of the people in those systems are sole proprietors, so their "company" record is really a record about an individual. Look into any large customer account and there may be hundreds of contacts accumulated over the years. Most are benign, a name and an office telephone number. But what happens when someone once added a personal address and mobile number to a notes field because they were planning a weekend outing with that contact and the ERP was convenient? That entry is years old and long forgotten, but it is protected personal data sitting in the ERP, outside any column that was ever designed to hold it.
ERP data tables
ERP systems spread their data across thousands of tables. Businesses must now search those databases and find every column and free-text field that holds data subject to the regulation, including personal data that leaked into fields never meant for it. Next, they must establish policies and practices that conform to the regulation and train ERP users to follow them.
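The discovery step above is the one that benefits from tooling, because nobody reads thousands of tables by hand. The script below is an added example written for this article, not code from any ERP vendor or from the original page. It builds a small constructed SQLite database standing in for three ERP tables (HR, CRM, inventory), then scans every table two ways: column names are matched against a list of hints (name, address, tax, ...) to catch the structured personal-data columns, and every string value is run through regexes to catch personal data that leaked into free-text fields, such as the weekend-outing note described in the customers and suppliers section. The table names, column names, sample rows, hint list and regex patterns are all assumptions made for the example; the tax ID pattern is the Irish PPS number format, chosen only because it is easy to express, and a real scan would load the identifier formats for every country the business operates in.

```python
import re
import sqlite3

# Constructed sample schema and rows standing in for a fragment of an ERP.
# Names, addresses and numbers are invented for this example.
SAMPLE_SQL = """
CREATE TABLE hr_employee (emp_id INTEGER, full_name TEXT, home_address TEXT, tax_id TEXT);
INSERT INTO hr_employee VALUES (1, 'Anna Example', '12 Sample St, Dublin', '1234567TA');
CREATE TABLE crm_contact (contact_id INTEGER, name TEXT, office_phone TEXT, notes TEXT);
INSERT INTO crm_contact VALUES (10, 'Bob Sample', '+353 1 555 0100',
    'Weekend trip: call Bob at home +353 87 555 0123, bob.home@example.com');
INSERT INTO crm_contact VALUES (11, 'Carol Sample', '+353 1 555 0199', 'Prefers email for quotes');
CREATE TABLE inv_item (item_id INTEGER, sku TEXT, description TEXT);
INSERT INTO inv_item VALUES (500, 'SKU-0001', 'Steel bracket, 40mm');
"""

# Content patterns (assumptions for the example). The phone pattern only
# recognises international "+CC ..." numbers; the tax ID pattern is the
# Irish PPS number shape (7 digits then 1-2 letters) used as a stand-in.
PATTERNS = {
    "email": re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b"),
    "phone": re.compile(r"\+\d{1,3}(?:[ -]?\d{1,4}){2,4}\b"),
    "tax_id": re.compile(r"\b\d{7}[A-Z]{1,2}\b"),
}

# Substrings that mark a column as designed to hold personal data.
COLUMN_NAME_HINTS = ("name", "address", "phone", "email", "tax", "birth", "ssn", "ppsn")


def build_sample_db():
    """Create the constructed in-memory database used by the example."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SAMPLE_SQL)
    return conn


def scan_database(conn):
    """Return findings as (table, column, kind, sample_value) tuples.

    kind is "column-name" when the column's name suggests personal data
    (sample_value is None), otherwise the PATTERNS key that matched a value.
    Table and column names come from the database catalogue, not from user
    input, and are wrapped in double quotes; a production scanner should use
    its driver's identifier quoting instead of string formatting.
    """
    findings = []
    cur = conn.cursor()
    tables = [r[0] for r in cur.execute(
        "SELECT name FROM sqlite_master WHERE type = 'table'")]
    for table in tables:
        columns = [r[1] for r in cur.execute(f'PRAGMA table_info("{table}")')]
        for col in columns:
            if any(hint in col.lower() for hint in COLUMN_NAME_HINTS):
                findings.append((table, col, "column-name", None))
            rows = cur.execute(
                f'SELECT "{col}" FROM "{table}" WHERE "{col}" IS NOT NULL').fetchall()
            for (value,) in rows:
                if not isinstance(value, str):
                    continue
                for kind, pattern in PATTERNS.items():
                    match = pattern.search(value)
                    if match:
                        findings.append((table, col, kind, match.group(0)))
    return findings


def summarize(findings):
    """Group findings into {(table, column): set(kinds)} for a data inventory."""
    inventory = {}
    for table, col, kind, _ in findings:
        inventory.setdefault((table, col), set()).add(kind)
    return inventory


if __name__ == "__main__":
    conn = build_sample_db()
    for (table, col), kinds in sorted(summarize(scan_database(conn)).items()):
        print(f"{table}.{col}: {', '.join(sorted(kinds))}")
```

Run against the sample, the inventory tables the three "designed" personal-data columns in hr_employee and two in crm_contact, and also flags crm_contact.notes, which no column-name rule would ever catch, because a phone number and an email address matched inside the free text. The inventory table stays clean. The output of a scan like this is the starting point for the record of processing activities and for deciding which fields an erasure request has to reach.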
What businesses must comply?
Any business established in the EU must comply. In addition, any business anywhere that processes the personal data of EU residents must comply, including banks, insurance companies, credit card processors and many businesses one might not expect at first glance. Penalties for non-compliance reach up to 4% of annual worldwide turnover or EUR 20 million, whichever is higher, and supervisory authorities are expected to enforce them.
People who benefit
Residents of the European Union gain significant new protection for their personal data. Where a business relies on consent to process data, that consent must be a positive "opt in" given before collection; pre-ticked boxes do not count. An EU resident can request that their data be transferred to another provider, so the data is portable. People have the right to have their data erased, which requires the business to remove the person and every trace of the relationship, not just the master record. A data breach must be reported to the supervisory authority within 72 hours of the business becoming aware of it, and to the affected individuals when the risk to them is high. Many businesses will need to appoint a Data Protection Officer, and the regulation describes the duties that person is responsible for.
What will happen next?
The regulation is still new, and precise rules and enforcement practice will be worked out over time. However, since most businesses in Europe, and most businesses doing business with Europe, are subject to it, and those businesses manage their data in ERP systems, there is real work to be done that will touch the ERP.