If your solution / project is in Europe, built-on Microsoft Dynamics 365 and you are not aware / sure what GDPR is, then you better act fast! You need to get familiar with it very soon.
GDPR stands for General Data Protection Regulation effective from 18th May 2018.
According to Wikipedia, GDPR is a regulation by which the European Parliament, the European Council and the European Commission intend to strengthen and unify data protection for all individuals within the European Union (EU). It also addresses the export of personal data outside the EU.
The primary objectives of the GDPR are to give citizens and residents back control of their personal data and to “simplify” the regulatory environment for international business by unifying the regulation within the EU.
As per the ICO, the UK’s independent body set up to uphold information rights, the GDPR applies to “controllers” and “processors”. The definitions of controllers and processes are broadly the same as those under the Data Protection Act. In short, the controller says how and why personal data is processed and the processor acts on the controller’s behalf.
If you are a processor, the GDPR places specific legal obligations on you.
For example, if you/ your organisation / your solution / your product maintains or stores records of personal data and includes processing activities, you will have significantly more legal liability if you are responsible for a breach. These obligations for processors are a new requirement under the GDPR and were not as such in the Data Protection Act (DPA).
If you are currently subject to the DPA, it is likely that you will also be subject to the GDPR.
Applying this on Microsoft Dynamics 365 solutions, especially Dynamics CRM projects, this is a significant legal obligation. The Majority, if not All, Dynamics CRM projects include the storage, maintenance and processing of personal data and hence, they will most probably fall under GDPR rules.
If you are a Dynamics 365 consultant, developer or working for a Dynamics 365 client or partner implementing Dynamics 365, then you need to be aware and ready for GDPR as it directly affects you and your work.
In my next post on GDPR, I will be covering in more details what obligations you have and how GDPR obligations affect your Dynamics 365 solution/project. So watch this space.
Please comment below if you are interested in this subject and/or if you would like to be informed about the full whitepaper I will be releasing soon about GDPR and Dynamics 365.
Looking forward to read your comments and finding out if you are interested in the whitepaper
Disclaimer: I’m not a GDPR or Data Protection expert but a Dynamics 365 one. All posts on this blog including the GDPR series are provided as is with no warranty and are the product of my research and understanding. Please speak to a legal or regulatory advisor if you need an expert GDPR opinion. However, you can speak to me if you need an expert #MSDyn365 opinion! 🙂