web
You’re offline. This is a read only version of the page.
close
Skip to main content

Notifications

Announcements

No record found.

News and Announcements icon
Community site session details

Community site session details

Session Id :
Dynamics 365 Community / Forums / Microsoft Dynamics AX (Archived) / Data protection for em...
Microsoft Dynamics AX (Archived)

Data protection for employee data in global HR implementation

(0) ShareShare
ReportReport
Posted on by svantessonanna 5

I have some questions related to data security for HR data in AX 2012. I have a client with headquarters in a European country, but the group contains several companies in USA and Asia. Their plan is to implement HR globally, which means that personal information about all employees will be in AX. They have one AX 2012 CU8 installation, and the database is located in a country within the EU. My concern is about the different data security and data protection laws that we have to consider in this case. For example – data for the US employees will initially be fed into AX from another HR system in the US. This means, as I understand it (I might be wrong) that personal information for US citizens is sent outside the US, to a country in the European union. We will use strict security setup and XDS policies to control who can see personal information, but the global HR manager for example resides in the EU and she will have access to all information for all employees, including those in US, China etc. 

My first question is – can the client run into legal problems with this setup?

 

My second question is – where can I find the information and resources needed to determine what (if any) measures we have to take in order to set the system up in a way that is compliant with all relevant laws? Are there any guidelines or general recommendations available somewhere? 

I understand that legally the responsibility falls on the client but they need guidance and it is our responsibility as consultants to know on a general level what to recommend and not. 

Thanks, 

Anna

*This post is locked for comments

I have the same question (0)
  • André Arnaud de Calavon Profile Picture
    André Arnaud de Cal... 300,911 Super User 2025 Season 2 on at

    Hi Anna,

    You can only assist in setting up the security part for this customer. The customer needs to inform you about the laws and what data needs to be secured for which persons/countries. You cannot know about all laws in the world. You are therefor not responsible for something the customer is not telling you.

    With a wrong setup, the customer might run into issues. The same is valid when they commit fraud. It is not your issue. You only have to help doing the security setup based on their input.

  • Suggested answer
    Vilmos Kintera Profile Picture
    Vilmos Kintera 46,149 on at

    There are no such information and guidelines available straight from Microsoft or partners. You need to contact a legal adviser with global IT / Intellectual Property practice specialized in data security and data handling in order to get the right answers, but they are not cheap.

    Microsofts' answers on this is that they are providing the framework of setting up the security the way you want, pushing responsibility on your lap. Additionally certain versions of AX and SQL Server provides the option to transparently encrypt some sensitive data columns in the database, so someone even with a System Administrator rights would not be able to access that information. However, there are some disadvantages, namely wildcard searching on such fields are not possible if I remember correctly. To be honest, I have never seen it in use, only database backup encryption.

    The way to go around is to use a general terms and privacy policy written by such a law firm, applicable for the employees, where you make them sign that they will not misuse information based on international regulations, thus covering the company's data handling obligations.

  • svantessonanna Profile Picture
    svantessonanna 5 on at

    Hi,

    Thank you for your replies. I do understand that this is not my responsibility. However what we as a partner need to know is if there are legal issues preventing the kind of solution we are proposing. By that I mean on a general level, like if it is possible or not possible to store employee data for US employees in the EU.

    I have contacted our legal department and our HR department in the US and will seek the answers there. I am still interested in experiences in this area from other AX partners however.

    Regards,

    Anna

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

Quick Links

Responsible AI policies

As AI tools become more common, we’re introducing a Responsible AI Use…

Neeraj Kumar – Community Spotlight

We are honored to recognize Neeraj Kumar as our Community Spotlight honoree for…

Congratulations to the November Top 10 Community Leaders!

These are the community rock stars!

Leaderboard > 🔒一 Microsoft Dynamics AX (Archived)

#1
Martin Dráb Profile Picture

Martin Dráb 4 Most Valuable Professional

#1
Priya_K Profile Picture

Priya_K 4

#3
MyDynamicsNAV Profile Picture

MyDynamicsNAV 2

Last 30 days Overall leaderboard

Featured topics

Product updates

Dynamics 365 release plans