Get Quicker GDPR Compliant with Dynamics 365

Since 25. May 2018 the European General Data Protection Regulation (GDPR) is in force. Although the fines are high for violating these regulations, only 25% of the organizations in Germany seem to have implemented GDPR entirely (October 2018), according to the digital association Bitkom.

Particularly, the implementation of extensive information and documentation liabilities are expensive and time-consuming. One of the advantages of Microsoft Dynamics 365 that it already includes everything to be GDPR compliant!

So, let’s look at how the data protection regulations are ensured in Microsoft Dynamics 365.

Storage of Data

In cooperation with Oracle and IBM the TDE (Transparent Data Encryption) was developed. This technology is used for data at rest. It entirely encrypts the files in the primary and secondary (backup) memory.

But also, on the way from the application and back, the possibility of a potential loss is minimized, through constant encryption. This is guaranteed with the hybrid TLS (Transport Layer Security) encryption protocol. The online servers are protected to encounter DDoS (Distributed-Denial-of-Service) attacks. Regular stress tests are executed as well.

The Compliance Manager

The Compliance Manager is a tool to analyze the GDPR compliance of your entire cloud-based Microsoft infrastructure and their products such as Dynamics 365. With this tool, it is possible to assign tasks to employees to fulfill and meet the requirements. Compared to the Microsoft Dynamics 365 On-Premise version, it is easier to meet all the requirements with the Dynamics 365 Online version. In an event of an audit, the Compliance Manager proves GDPR compliance for your organization. You can find more information here. 

Auditing

You can activate auditing for all entities with sensitive data to prove the verification of all stored data. Creation, update and delete operations can be protocolled. Also, which users had access to what kind of data, the time frame the users were active in the system and which security roles were assigned. For achieving the GDPR compliance the auditing can be very useful.

Security Roles

With security roles, it is possible to restrict certain data to a specific user or a group of users. In this way you can determine which records can be read, updated and deleted by which users in Dynamics 365. The restriction is possible at an entity level as well as on a field level in case it is just one single information on an entity you need to restrict.

Double Opt-In for Email Marketing with ClickDimensions

Thanks to the web forms (registration forms that can be placed on the website via an iFrame) in ClickDimensions you can easily implement the double opt-in process on your website for your newsletter registration. Together with the email templates and automated contact or lead creation you have everything that is necessary to make your email processes GDPR compliant. The elementary proof of documentation is always ensured with ClickDimensions. The marketing automation tool needs to be purchased additionally but should be one of the first tools to consider if you want to take your email marketing activities in your own hands.

Be Prepared and Avoid Fines

It doesn’t mean that the entire business is GDPR compliant, just because you introduced Dynamics 365. The system and additional tools must be adapted to your needs and requirements. However, Microsoft Dynamics 365 offers everything you need to achieve GDPR conformity quicker than other organizations without Microsoft Dynamics 365.