How ERP can help you achieve GDPR compliance
On May 25 this year, the EU's new general data protection regulations take effect. The date is approaching quickly. How can we use our ERP systems to achieve compliance?
Understand your requirements
GDPR requires most businesses to safeguard personal data and comply with a set of stringent requirements. In ERP, that data can be payroll data. It can also be SRM or CRM contacts: suppliers and customers who provide materials or services or purchase them. The regulations are broad. Any combination of data that allows identification of a person is subject to the regulations. Payroll data is obvious. A supplier contact where someone innocently added a home address and phone number some years ago is now regulated personal data. Any business that does business in Europe or with European residents must comply. Even if the business is not located in Europe, it must still know and comply with GDPR.
Find the GDPR data
Personal data records exist in tables throughout your ERP system. Use queries or specific programs to search for and identify protected personal data wherever it might be. Maintain those queries, because when a person requests information regarding their data you have only a short time to reply and take the requested action.
Develop an action plan
Many businesses must appoint a Chief Data Protection Officer, and the duties of that person are spelled out in the regulations. If yours is one of these, make the appointment now. Examine your personal data records. Some might be old or no longer relevant; consider erasing those right away. Other records might be necessary but contain unnecessary data that makes them subject to the regulations; consider erasing that home address.
Update your business culture
Your business must follow the new GDPR, and your employees and contractors are part of your business. Start that culture of responsible data management. Develop internal rules defining what data is required for your business and limiting your requests for personal data to only the minimum. Remember that in most cases newly collected data requires a specific “opt in” from the person, so start requesting and saving that input now.
One new right individuals now have is the right to have their data erased or to be forgotten. Your business must be able to prove that all personal data related to people who make that request is truly and completely erased. Determine how your business will meet that rule and make the process well known and well documented.