How ERP can help you achieve GDPR compliance
May 25 this year the EU new general data protection regulations take effect. The date approaches us quickly – How can we use our ERP systems to achieve compliance?
Understand your requirements
GDPR requires most businesses to safeguard personal data and comply with a set of stringent requirements. In ERP that data can be payroll data. It also can be SRM or CRM contacts or suppliers and customers who provide material of services or purchase them. The regulations are broad. Any combination of data that allows identification of a person is subject to the regulations. Payroll data is obvious. A supplier contact where someone innocently added a home address and phone number some years ago is now regulated personal data. Any business that does business in Europe or with European residents must comply. Just because the business is not located in Europe, they must still know and comply with GDPR.
Find the GDPR data
Personal data records exist in your ERP in tables throughout the ERP system. Use queries or specific programs to search and identify protected personal data wherever it might be. Maintain those queries because when a person requests information regarding their data you only have a short time to reply and make take the requested action.
Develop an action plan
Many businesses must appoint a Chief Data Protection Officer and the duties of that person are spelled out in the regulations. If yours is one of these make the appointment now. Examine your personal data records. Some might be old or no longer relevant – consider erasing those right away. Other records might be necessary but data not necessary makes them subject – consider erasing that home address.
Update your business culture
Your business must follow the new GDPR and your employees and contractors are part of your business. Start that culture of responsible data management. Develop internal rules defining what data is required for your business and limiting your requests for personal data to only the minimum. Remember that in most cases newly collected data requires a specific “opt in” from the person so start now requesting and saving that input.
One new right individuals now have is the right to have their data erased or to be forgotten. Your business must be able to prove that all personal data related to people who make that request is truly and completely erased. Determine how your business will meet that rule and make the process well known and well documented.
Featured white papers
ERP Software Pricing Guide
Get the latest pricing information on over 80 popular ERP systems, and learn how to budget for your ERP project in our free guideDownload
60-Step ERP Selection Checklist
Get the comprehensive checklist for your ERP selection projectDownload
ERP Implementation: 9 steps to success
The 9 proven steps you should follow when implementing ERPDownload
The ERP go-live data load
Why proper migration of your data is integral to a successful ERP implementation
Why a food specific ERP system is a must-have
Key features and requirements food companies should consider when searching for an ERP
ERP migration steps (your ERP migration checklist)
How to construct the smoothest ERP migration plan possible