The General Data Protection Regulation (GDPR) imposes new rules on organizations that offer goods and services to people in the European Union (EU), or that collect and analyze data tied to EU residents, no matter where they are located. Enforcement of the GDPR regulation is approaching (May 2018). Is your Dynamics 365 ready? My fellow Microsoft MVP Mohamed Mostafa is probably one of the most expert in this field. I invite you to watch his space, specifically this conversation: https://www.nz365guy.com/gdpr-dynamics-365-mohamed-mostafa/
In this post, I want to point you to a few tools that may help you assess your Dynamics 365 tenant for GDPR compliance:
System administrators can use the User log functionality in Microsoft Dynamics 365 to keep an audit log of users who have logged on to the system. Audit logs provide answer to the following questions that may arise as part of an investigation for GDPR compliance of your system:
The User log capability allows administrators to define roles that can access sensitive data. Logs of users who have access to data that’s been declared to be sensitive can be retained separately from all other data in the log.
GDPR introduces a set of “rights” for users to regulate how their data is used and, possibly, removed from a system, or transferred. For more information about how to manage the right to view, right to modify, right to be forgotten, right to port and right to restrict processing personal data, see this article from the Microsoft Dynamics 365 for Talent documentation: Respond to a request for personal data using Talent.
The Microsoft GDPR Assessment tool is free assessment that helps you understand if your organization is ready to protect personal and sensitive data. It takes only five minutes to see where your organization falls and get important information on how to take the next steps.
The assessment is made of several questions, to which you are expected to answer in full honesty. No-one is judging the quality of your IT systems. This is purely meant to provide you with an understanding of the readiness of your systems to meet GDPR requirements, and the tools for correct any discrepancy. Questions are like:
At the end of the 10 questions, you are presented with an assessment of your current stage of data protection, and the possibility to access the “GDPR and Microsoft 365: Streamline your path to compliance” e-book to broaden your understanding of GDPR compliance, identify issues you may not have considered, and understand how Microsoft solutions can help accelerate your compliance journey.
The book provides directions to address three critical aspect of your data protection requirements:
The microsoftgdprscenarios.com web site, aptly named, exposes some typical scenarios, presented as short animations, to guide you have a better understanding of GDPR requirements and actions related to:
The site adds also a GDPR Hands on demo, aimed at technical people, hosted on the Microsoft Demos platform. The demo provides a set of fully functional Microsoft 365 environments that are configured to meet GDPR requirements.
For additional information on your journey to GDPR compliance, your starting point is microsoft.com/gdpr and, obviously, engage with the qualified community of Dynamics 365 experts that can assist properly.