How ERP can help you achieve GDPR compliance
May 25 this year the EU new general data protection regulations take effect. The date approaches us quickly – How can we use our ERP systems to achieve compliance?
Understand your requirements
GDPR requires most businesses to safeguard personal data and comply with a set of stringent requirements. In ERP that data can be payroll data. It also can be SRM or CRM contacts or suppliers and customers who provide material of services or purchase them. The regulations are broad. Any combination of data that allows identification of a person is subject to the regulations. Payroll data is obvious. A supplier contact where someone innocently added a home address and phone number some years ago is now regulated personal data. Any business that does business in Europe or with European residents must comply. Just because the business is not located in Europe, they must still know and comply with GDPR.
Find the GDPR data
Personal data records exist in your ERP in tables throughout the ERP system. Use queries or specific programs to search and identify protected personal data wherever it might be. Maintain those queries because when a person requests information regarding their data you only have a short time to reply and make take the requested action.
Develop an action plan
Many businesses must appoint a Chief Data Protection Officer and the duties of that person are spelled out in the regulations. If yours is one of these make the appointment now. Examine your personal data records. Some might be old or no longer relevant – consider erasing those right away. Other records might be necessary but data not necessary makes them subject – consider erasing that home address.
Update your business culture
Your business must follow the new GDPR and your employees and contractors are part of your business. Start that culture of responsible data management. Develop internal rules defining what data is required for your business and limiting your requests for personal data to only the minimum. Remember that in most cases newly collected data requires a specific “opt in” from the person so start now requesting and saving that input.
One new right individuals now have is the right to have their data erased or to be forgotten. Your business must be able to prove that all personal data related to people who make that request is truly and completely erased. Determine how your business will meet that rule and make the process well known and well documented.
Five ERP data requirements affected by GDPR legislation
Five data types that have been affected by GDPR, and the impacts on ERP
Three ways Big Data can make a difference to your ERP
Expect improvements in forecasting, quality assurance and more...
3 ERP Security Risks and What You Should Do about Them
Learn about ERP security risks that have arisen from changes in the ERP software market and how t...