How ERP can help you achieve GDPR compliance

May 25 this year the EU new general data protection regulations take effect. The date approaches us quickly – How can we use our ERP systems to achieve compliance?

Understand your requirements

GDPR requires most businesses to safeguard personal data and comply with a set of stringent requirements.  In ERP that data can be payroll data. It also can be SRM or CRM contacts or suppliers and customers who provide material of services or purchase them.  The regulations are broad. Any combination of data that allows identification of a person is subject to the regulations. Payroll data is obvious. A supplier contact where someone innocently added a home address and phone number some years ago is now regulated personal data.  Any business that does business in Europe or with European residents must comply. Just because the business is not located in Europe, they must still know and comply with GDPR.

Find the GDPR data

Personal data records exist in your ERP in tables throughout the ERP system.  Use queries or specific programs to search and identify protected personal data wherever it might be.  Maintain those queries because when a person requests information regarding their data you only have a short time to reply and make take the requested action.

Develop an action plan

Many businesses must appoint a Chief Data Protection Officer and the duties of that person are spelled out in the regulations.  If yours is one of these make the appointment now. Examine your personal data records. Some might be old or no longer relevant – consider erasing those right away.  Other records might be necessary but data not necessary makes them subject – consider erasing that home address.

Update your business culture

Your business must follow the new GDPR and your employees and contractors are part of your business.  Start that culture of responsible data management. Develop internal rules defining what data is required for your business and limiting your requests for personal data to only the minimum.  Remember that in most cases newly collected data requires a specific “opt in” from the person so start now requesting and saving that input.

One new right individuals now have is the right to have their data erased or to be forgotten.  Your business must be able to prove that all personal data related to people who make that request is truly and completely erased.  Determine how your business will meet that rule and make the process well known and well documented.


author image
Tom Miller

About the author…

Tom completed implementations of Epicor, SAP, QAD, and Micro MRP. He works as a logistics and supply chain manager and he always looks for processes to improve. He lives near San Francisco Bay in California and can be found on the water in his kayak or on the road riding his motorcycle. Contact Tom at

author image
Tom Miller

Featured white papers

Related articles