GDPR: a nightmare for every entrepreneur?
30 November, 2017
7 min. reading time
The new General Data Protection Regulation (GDPR) is one of the largest changes of recent years in European Union privacy legislation. It is not easy for organisations to comply, and the fines can be immense. For entrepreneurs who find the law hard to understand but are nevertheless held responsible for complying with it, this new law is a real nightmare. GDPR is something you cannot ignore: you have to familiarise yourself with it.
The GDPR replaces an old law from 1995 and gives entrepreneurs until May 25, 2018 to comply. On that date the law comes into force, and from then on every individual has the right to hold any organisation to account under the GDPR guidelines. The maximum fine is 20 million euros or 4% of annual global turnover.
The 7 principles of GDPR
1. Transparency: The individual whose data is processed is aware of it, has given permission and knows his or her rights.
2. Purpose limitation: Personal data will be collected only for a specific legitimate purpose and may not be used for other purposes.
3. Data minimization: Only data which is necessary for the intended purpose may be collected.
4. Accuracy: Personal data must be accurate and be kept up-to-date.
5. Limitation of storage: Personal data is only to be retained for as long as necessary for the intended purpose.
6. Integrity and security: Personal data must be protected from unauthorized access, loss or destruction.
7. Accountability: Those responsible must be able to demonstrate compliance with the rules.
Now that we know what it is about, it already sounds better. However, what does it mean for your organisation? Where do you store personal data: in your old phonebook, your address list, in your always-up-to-date (or possibly badly outdated) software package? With that diligent administrator you once employed? Or with the salesperson who has recorded every detail about your customers and their employees for the past 20 years, including the birthdays of spouses and children? How quickly is old data removed from your systems? And how do you make sure it is kept up-to-date?
In this blog you will read more about GDPR, and we will help you understand and handle this new law. Boltrics is driven to make new Microsoft technology usable for logistics service providers. For Microsoft it has been a top priority to clarify, within a very short timeframe, what has to be done about the software, the procedures and the security. Thanks to this focus, new products are equipped with all the technology needed to comply with this legislation, so that transparency, security and privacy are guaranteed. Thanks to Boltrics' always-up-to-date philosophy, you received the latest update in the last quarter. This means you are already fully on track with your software, so that your (possibly most important) logistics software package does not require a major adjustment.
The GDPR further introduces a number of new rules for organisations that offer goods and services to persons within the EU. It also applies to organisations that collect data for analysis, even if they are not established in the EU. Here are some additional rules:
- Improved person privacy rights: On request, individuals must be able to see which data has been collected by a company, to correct errors or to delete parts.
- Increased security: Especially with personal information it must be clear who has access and why.
- Compulsory notification of data breaches: Organisations are obliged to report hacks to the government as quickly as possible, and no later than 72 hours after discovery.
- Very high fines for non-compliance with the GDPR.
In order to properly understand this legislation, it is important to check what exactly the law covers. Personal and sensitive information of course includes name, address and e-mail details. However, GDPR goes further: IP addresses and mobile device identifiers also count, and even location data is covered. To make compliance easier, data can be anonymised, but that would make the data unusable. It is better to pseudonymise the data, so that in most places only a 'token' stands in for the identifying attribute. This could, for example, be an anonymous contact number without a name. Wherever personal details are not needed, only the contact number is shown. With this number an authorised person can always look up which contact is meant, including name and address. This can be taken a step further by protecting the lookup with an encryption key.
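The tokenisation idea described above, worked out as an added example (this is illustrative code, not Boltrics or Microsoft code). Shipment records keep only an anonymous contact number; the mapping from that number back to name and address lives in a separate vault that is keyed with a secret (a constructed demo key) and only answers to an authorised role. The class and function names, the `privacy_officer` role and the sample shipments are all constructed for the example.

```python
"""Pseudonymisation with a guarded lookup vault (added example, not from the post)."""
import hmac
import hashlib
from dataclasses import dataclass, field

# Assumption: the key is held only by the vault, not by the systems that see the tokens.
DEMO_VAULT_KEY = b"constructed-demo-key-do-not-reuse"


@dataclass(frozen=True)
class Contact:
    """The personal data we want to keep out of everyday records."""
    name: str
    address: str
    email: str


@dataclass
class PseudonymVault:
    """Maps anonymous contact numbers back to people, for authorised roles only."""
    key: bytes
    authorised_roles: frozenset = frozenset({"privacy_officer"})
    _by_token: dict = field(default_factory=dict)

    def token_for(self, contact: Contact) -> str:
        # Keyed hash (HMAC-SHA256): the same person always gets the same token, so
        # records stay linkable, but without the key the token cannot be turned back
        # into a name by guessing and hashing candidate names. Truncated to 12 hex
        # characters for readability; a production system would keep the full digest.
        msg = f"{contact.name}|{contact.address}|{contact.email}".encode("utf-8")
        digest = hmac.new(self.key, msg, hashlib.sha256).hexdigest()
        return "C-" + digest[:12].upper()

    def register(self, contact: Contact) -> str:
        """Store the contact under its token and hand back only the token."""
        token = self.token_for(contact)
        self._by_token[token] = contact
        return token

    def resolve(self, token: str, role: str) -> Contact:
        """Look a token up; refused unless the caller's role is authorised."""
        if role not in self.authorised_roles:
            raise PermissionError(f"role {role!r} may not resolve contact tokens")
        return self._by_token[token]  # KeyError if the mapping no longer exists

    def forget(self, token: str) -> None:
        """Storage limitation: once the purpose has ended, drop the mapping.
        Records that carry the token become anonymous, as nothing resolves it any more."""
        self._by_token.pop(token, None)


def pseudonymise_shipments(shipments: list, vault: PseudonymVault) -> list:
    """Replace the embedded Contact in each shipment with its vault token."""
    return [
        {"shipment_id": s["shipment_id"], "contact": vault.register(s["contact"]), "pallets": s["pallets"]}
        for s in shipments
    ]


# Constructed sample data: two shipments for the same (fictional) contact.
SAMPLE_CONTACT = Contact("J. Jansen", "Dorpsstraat 1, Ede", "j.jansen@example.invalid")
SAMPLE_SHIPMENTS = [
    {"shipment_id": 1001, "contact": SAMPLE_CONTACT, "pallets": 3},
    {"shipment_id": 1002, "contact": SAMPLE_CONTACT, "pallets": 1},
]


def demo() -> dict:
    """Run the round trip and return the pieces a caller may want to inspect."""
    vault = PseudonymVault(DEMO_VAULT_KEY)
    records = pseudonymise_shipments(SAMPLE_SHIPMENTS, vault)
    token = records[0]["contact"]
    resolved = vault.resolve(token, role="privacy_officer")
    return {"vault": vault, "records": records, "token": token, "resolved": resolved}


if __name__ == "__main__":
    result = demo()
    for r in result["records"]:
        print(r)                      # only the token appears, never the name
    print(result["resolved"])         # the privacy officer can still see who it is
```

The two properties the text asks for fall out of the design: anyone who sees a shipment list sees the same contact number for the same person (useful for planning and reporting), while the name and address are only reachable through `resolve()` with an authorised role. Calling `forget()` after the retention period turns the remaining records into effectively anonymous data without touching them.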
Within your software
You can also find data about people in your logistics application. If we look at GDPR in relation to the Nekrovri Dynamics and 3PL Dynamics software, the application functionality is the responsibility of the software builder, and Microsoft provides all the tools to handle this well. The data itself, and its use and visibility within your organisation, is the responsibility of you as an organisation. Important aspects to look at are:
- Customer, supplier and contact data: This is data that is recorded in some of the most frequently used tables within Microsoft Dynamics. These tables can contain data that is covered by GDPR legislation.
- User/log-in data: Log-in data are recorded for the use of the application and scanning applications, as well as for mobile devices.
- Payment details: Depending on where you are within the logistics chain, you may also store credit card details of customers. As soon as these can be linked to a person (instead of an organisation), they fall under GDPR legislation.
In order to ensure you can comply with GDPR, Microsoft recommends following a specific roadmap:
1. Research: Determine which personal data is recorded and where.
2. Manage: Determine what you need and who may access it.
3. Secure: Ensure proper security so not everyone has access to it.
4. Report: Record what you do when someone requests access to see their own data, how you report any possible leaks, and which documentation is necessary.
Boltrics can help you
In short: there is plenty to do! Boltrics can help you with the following essential matters:
- Keeping the software up-to-date, so that you have every possibility within the software to comply with the legislation.
- Sharing information from Microsoft with you. Microsoft puts a lot of time and energy into knowledge and research to protect data, and this yields a lot of useful information.
- Setting up roles and permissions, and showing how to use them to shield data from parts of your organisation.
- Clearing historical information. It is important to delete old data covered by GDPR on time, or to anonymise it. Boltrics can help you with analysis, clearing and anonymising data. The historical overviews you use within Power BI need not suffer as a result.
- On request, we can provide training and give insight into all kinds of details from Microsoft.
In short: the GDPR deadline of May 25, 2018 is approaching, so it is time for action! Together with Microsoft, Boltrics is very driven to help you, to explain what this legislation means for you and how you can comply with it. Check here, for example, whether your Microsoft Dynamics environment is compliant with the latest requirements using Microsoft's GDPR Assessment.
Want to know more?
Would you like to receive more information about how Boltrics can assist you with this new legislation? Send an e-mail to email@example.com.