GDPR requirements in an international deployment

(0) Share

Report

Posted on by ZvikaR

168

A question to the European implementation consultants here....

We are doing an international implementation for a company based in the USA where some of the offices/branches are in the EU.

All legal entities are envisioned to be using a single D365 F & SCM instance.

My (limited) understanding of GDPR regulations is that you are not allowed to keep any personal information stored on a server outside the EU.

It is also my understanding that simply the names of the employees are considered personal infromation.

We are not planning to implement the HR module or payroll, however we do need to populate the workers table with the name of all the employees, in and outside the EU. We do not want to use as our deployment location servers in Europe, since the vast majority of our users are based in North America and we are worried about performance / latency issues if we use an EU cloud.

Has any of you encountered that issue in an international deployment?

How do you manage to have a list of workers without being in breach of GDPR regulatations?

I have the same question (0)

All responses (3)

Answers (0)

Magno Pereira 2,435 Moderator on at

Like (0)

Report

Hey Zvika,

Here is a summary of what is typically available and relevant in relation to GDPR: learn.microsoft.com/.../gdpr-guide

You have the option to enhance privacy and control access to sensitive information such as addresses and contacts. Within the system, you may have noticed a checkbox that allows you to mark this information as private. By selecting this checkbox, you can restrict access to specific roles or individuals who are granted permission to view and handle this sensitive data.

Access to private addresses by security role - Human Resources | Dynamics 365 | Microsoft Learn

Was this reply helpful? Yes No
ZvikaR 168 on at

Like (0)

Report

I could not find in that link any answer to any of my questions.

Is it a breach of GDPR to store worker names on a cloud outside the EU?

How do companies with operations in the EU handles that?

Was this reply helpful? Yes No
André Arnaud de Cal... 301,146 Super User 2025 Season 2 on at

Like (0)

Report

Hi Zvika,

Storing worker names or private data is not an issue if there is a consent from the person. You need to ensure that the data is stored securely and not everyone has access to it if they don't need it for their work purposes.

Some private information should not be mandatory. E.g. I was asked to provide my birth date when registering on a service. There was no statement about the purpose of it. When I reached out, they told me that they would like to send birthday reminders. This is information which should not be mandatory asked and without the year, but only providing day and month, a company would also be able to send birthday wishes.

When a person is hired, then the birth date may be required for payroll and leave balance purposes. In that case, we all know it is common to provide this information.

Was this reply helpful? Yes No