What is GDPR?

GDPR – the General Data Protection Regulation is a regulatory framework adopted by the EU to strengthen data protection and give control back to EU residents over their personal data. Adopted in April 2016, the regulations become enforceable on May 25, 2018.

How Does GDPR effect my organization?

If you are not an EU based business, you may not think that GDPR has any effect on you, but you would be wrong. Instead, the scope of the law is extended to foreign companies that process data of EU residents. So even if you are based in the US, you may have the personal data of EU residents in your databases. According to the European Commission “personal data is any information relating to an individual, whether it relates to his or her private, professional or public life. It can be anything from a name, a home address, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer’s IP address.”

Dynamics 365 and GDPR

Now if you use Dynamics 365 it is very likely that you may have collected personal data from your clients, web forms, Voice of the Customer surveys or LinkedIn. All of this collected data must be handled very carefully to ensure that no data breaches occur and that it is handled in a prescribed manner. Dynamics 365 and Office 365 have very robust security models that are designed around protecting data, but no system is perfect and every organization should perform a security assessment.

Microsoft and the Compliance Manager

Microsoft has a vested interest in ensuring that its clients are compliant with GDPR and has been at the forefront of providing resources so those clients have a clear path to compliance. Over the past two years the Microsoft Cloud, including Dynamics 365, Office 365 and Azure have developed the technology and contractual commitments to aid in this compliance. The Microsoft Trust Center (https://www.microsoft.com/en-us/trustcenter/ is a one-stop shop for guidance and tools which assist in preparing for GDPR compliance.

Compliance Manager https://servicetrust.microsoft.com/ComplianceManager is a free tool designed by Microsoft allowing its clients to analyze their Microsoft Cloud Solutions and determine the steps required to be adopted by companies to ensure these Cloud Solutions are compliant with various data protection schemas, including HIPPA, ISO, and GDPR.

The Compliance Manager tool includes the following capabilities:

• Intelligent scoring that reflects your organization’s compliance posture against data protection regulations and standards.
• Recommended actions for business policies and cloud-based features and services that improve your organization’s data protection capabilities and regulatory compliance posture.
• Activity and evidence tracking that helps you centralize your organization’s compliance-related activities and provides a secure evidence repository that is accessible only by authorized individuals in your organization.
• Detailed reports of assessment activities that combine Microsoft’s and your organization’s assessment information into a single Excel file that can be provided to internal and external auditors and regulators.

The dashboard shows progress for actions that need to be completed by Microsoft as well as actions that need to be completed by the organization.

Additional Assessment, for example for Dynamics 365/GDPR can be added by clicking on Add Assesment Filter and selecting the product (Dynamics 365) and the Assessment desired (GDPR)

The Dynamics 365 Assessment tile is added to your Dashboard. There are two sets of actions to be completed – a set of 61 that must be completed by the customer, and another set that will be completed by Microsoft. As of today the Microsoft Managed Actions have not been updated but should be active by the end of March 2018.

Click on the Actions button to start your GDPR assessment. You will see a list of Customer Managed Controls, divided into specific sections.

There are currently 61 Customer Managed Controls. These controls can be assigned to specific members of your team, with Priorities and due dates. Documents can be uploaded and Testing results posted.

As you complete more of the Customer Managed Controls, you come closer to achieving GDPR compliance of your Dynamics 365. The information stored in the different Assessments available on Compliance Manager can help your organization perform the self-analysis required to ensure that GDPR compliance is in place and well documented.

Are you Ready for GDPR?

The GDPR regulations become enforceable in May 2018. If you have any sort of personal data of EU residents in your CRM, the regulations apply to you. Don’t risk any security breaches. If you are in doubt at all, you should perform a security assessment and take the needed actions to ensure you are GDPR compliant.

How Can We Help?

GDPR compliance is important to almost all companies and is time sensitive. As of today, compliance is required within 2 months. enCloud9, along with your legal counsel and other experts, is here to help you on that path. Contact us today for assistance in this process.