How GDPR compliance will affect your ERP system

Throughout the EU, the GDPR or General Data Protection Regulation has taken effect.  This set of regulations protects individual’s name and address, health and genetic data, biometric, racial and ethnic, sexual orientation, political opinions, and web data such as cookies.  Since much of this data is contained in ERP systems, those ERP systems must protect all that data.

Employees and contractors

Employee records are obvious.  These contain names, addresses, tax ID numbers, and family relationships. Any business with a payroll keeps this data. Contract workers too are covered.  ERP has their tax ID and much of the same data as a payroll system.

Customers and suppliers

Customer and supplier relationship management systems often contain a lot of data.  Some of the people in those systems are sole proprietors and their data is extensive.  Look into any big company and there might be hundreds of contacts established at the company over time. Most of these are benign as they only contain a name and an office telephone number. However, what happens when someone added a personal address and phone number? They were planning a weekend outing and used the ERP just because it was convenient. This happened years ago and is long forgotten but here is protected personal data in the ERP.

Check out these key compliance features for your ERP to ensure your system meets your regulatory requirements

ERP data tables

ERP systems contain data in thousands of tables throughout the system.  Businesses now must search the databases and find any data subject to the new regulations.  Next, the businesses must establish policies and practices that conform to those regulations and train ERP system users to comply.

What businesses must comply?

Any business with a presence in the EU must comply. In addition, any business that processes personal data of European residence must comply.  This last category includes banks, insurance companies, credit card processors, and many businesses one might not expect at first glance. Potential penalties of those who are not compliant can be expensive and will likely be strictly enforced.

People who benefit

Residents of the European Union now will have significant improvements to secure their personal data. Most data must have a positive “opt in” before it can even be collected. The EU resident can request his data be transferred to another keeper so the data is portable.  People have the right to have their data erased and this requires a business to completely forget the person and their relationship. There are rules regarding notification when a data breach occurs or is suspected.  Many businesses will need to appoint a Chief Security Officer and the regulations describe duties that person is in charge of enforcing.

What will happen next?

The regulations are still very new, and precise rules will be worked out over time.  However, since most businesses in Europe and doing business in Europe are subject to the rules and those businesses use ERP systems to manage their data, there is work to be done that will affect ERP.

author image
Tom Miller

About the author…

Tom completed implementations of Epicor, SAP, QAD, and Micro MRP. He works as a logistics and supply chain manager and he always looks for processes to improve. He lives near San Francisco Bay in California and can be found on the water in his kayak or on the road riding his motorcycle. Contact Tom at

author image
Tom Miller

Featured white papers

Related articles