I had really great audience and some excellent interactions at my Microsoft Dynamics 365 #GDPR compliance session in the stunning #Oslo at Microsoft Norway. I’ve heard and discussed several shared concerns on GDPR significant impact on #CRM solutions, its complexities and how soon the regulation is coming!
I also want to thank everyone for their positive and encouraging feedback. That’s what keep me (and other MVPs) going and make us continue to help the Dynamics 365 community in passion!
As per everyone’s request, I have incorporate our useful interactions into my slides and you can now download them via the link below on this post or on http://CRM.Boutique (free registration is required).
If you would like to attend this session again in person, then you can join me at our next Free Microsoft Dynamics 365 event in Milan at Microsoft Italy offices on 16th September 2017. This will be another great CRM Saturday event, this time in Italy.
One last off-topic point: Oslo and Norway are absolutely stunning (did I say that before?). If you haven’t been there, then try visiting soon – preferably in the summer. Make sure you: a) take the Oslo Fjord cruise, b) do the Oslo River walk and c) eat plenty of Norwegian fish (especially Salmon).
I leave you with some photos from the event and amazing Norway!
This is the third article in my series covering GDPR considerations for Dynamics 365. If you haven’t read the previous two articles, then you can read the first post here and the second article here.
In this post, I’m covering some of the highlights of GDPR and how they affect Dynamics 365. The main changes and their impact on Dynamics 365 can be summarised in the following points:
- GDPR applies to EU citizens personal data even if the data is processed outside the EU. This was not the case before. This has massive impact on outsourcing development work to teams outside of the EU as it may mean a change to implementation processes or lack of access to data to comply.
- With GDPR, you are required to have an explicit and informed consent by your data subjects (e.g. customers). This consent must be given to all entities that will process or analyse personal data. The consent should also be easy to withdraw. This is particularly important for Dynamics 365 Portals and websites to allow customers to easily withdraw their consent for you to access, process or analyse their data. This means your Dynamics 365 system and its portals must have the processes and the capability to allow for such easy withdrawal of consent.
- GDPR will give customers the right to compensation for monetary damages in the event that unlawful data processing occurs. Fines could go as high as 1 million Euros or up to 2 % of a company’s total worldwide annual turnover for non-compliance!
- Mandatory risk assessments and in-house data protection offices means you have to include rigorous Dynamics 365 data protection policies to your system and to your implementation project including everyone who may process any data in your Dynamics CRM system to be GDPR compliant.
- GDPR brings reporting requirements for every person or entity that is part of the Cloud supply chain. So every supplier and every contractor (not just employee) with access to Dynamics 365 cloud will have direct accountability and the vendor, Microsoft in this case, as well as the clients and Dynamics partners will have to satisfy reporting requirements on who can access this data.
In this post, we covered 5 main changes that GDPR will impact Dynamics 365, projects and live systems. These are really important considerations and changes that require amendments and adjustments to Dynamics 365 solutions and implementation projects.
In my next article, I’ll be covering in detail 7 areas of interest that directly impact Dynamics 365 programmes and solutions once GDPR is effective in May 2018:
- Personal Identifiable Data (PII)
- Customer Sensitive data versus Personal Identifiable Data & how to handle in Dynamics 365
- Children data
- The Right to Data Portability
- Governance and Accountability
- Incident and Breach Management
Disclaimer: I’m not a GDPR or Data Protection expert but a Dynamics 365 one. All posts on this blog including the GDPR series are provided as is and are the product of my research and understanding. Please speak to a legal or regulatory advisor if you need an expert GDPR opinion. However, you can speak to me if you need an expert #MSDyn365 opinion! 🙂