Talking Dynamics

Glass fronted buildings

Achieving GDPR compliance on an older NAV database

In a previous blog post, I spoke about the implications of the sweeping new privacy laws introduced by the General Data Protection Regulation (GDPR) in the EU and some of the actions Microsoft has been taking to support their customers and reseller partners to be compliant in the brave new world of data privacy and security.

Along with white papers and compliance guides, Microsoft has set up a new GDPR demos page to help organisations of all sizes to understand what is required of them and avoid the steep penalties that come with failing to meet the new data protection requirements.

Businesses can be fined up to 20 million euros or 4% of annual global turnover, whichever is greater, for a failure to comply.

In terms of MS Dynamics NAV, Microsoft has said solutions within mainstream support will be updated with tools to aid GDPR compliance. This includes the addition of a data classification property on tables and fields to enable the filtering of data based on sensitivity level.

But these updates are only available on the 2015 to 2018 versions, and Microsoft’s new cloud-based NAV product Dynamics 365 Business Central.

Microsoft has advised that the older, unsupported NAV versions will not be updated.

So where does that leave the thousands of small-to-medium sized businesses who invested heavily in their ERP systems between five and 10 years ago and do not want the upheaval of upgrading?

A simple plug-in, such as that offered by NAVGDPR, could be the answer.

Julian Dalton, co-founder and chief operating officer at NAVGDPR and his partner Charles Singleton, chief technology officer, tell Conspicuous why they created the technology and how it works.

Q: So, how does it work?

Julian: NAVGDPR is a toolkit add-on that works seamlessly with all NAV systems in any industry sector. It adds key functionality for businesses to be able to organise and manage their data in line with the very complex requirements under GDPR and is configurable according to the needs of the industry and sector.

Q What made you build this?

Julian: Typically, ERP systems were written to simply collect data but not really geared to manage it, delete it on request or remove it in a timely manner as some of the new requirements demand. Some businesses, including retailers, mobile phone firms and car companies will have personal customer details going back decades: names, addresses, bank and even pension details. About a year before GDPR was introduced, we found that HR departments were concerned about its ramifications, and engaging with it on a high level, but there was a huge gap at the micro level. How was the business actually going to be managing these data requests and making sure they were using personal information only in the way it was intended? Our toolkit can help these businesses categorise their data, offer advanced protection for sensitive data and automatically encrypt and delete personal data based on a specified retention period.

Q: Can you go into a bit more detail?

Charles: The most important additions are the inclusion of a data classification filter that enables a business to link up all relevant information including how long the data should be stored for and the data base scan tool, which will generate all linked data around a subject, offering an accurate representation of where the data is stored.

Edit - Data Subject Type Card - Customer

Q: Being able to process day-to-day requests for data protection is key to GDPR compliance. How does NAVGDPR deal with that?

Julian: There is a tag off the home page called Data Protection Request Card, where you can fill out the fields for the particular data protection request. Under the Request Type field, there is a list of different types of requests, including right of access, right to data correction, right to restriction of data processing and right to erasure. Registering the appropriate request will generate a report with all the relevant information appropriate to the request. This will include information about a firm’s data protection officer if they have one, what information you hold about the person and what their rights are. Data can be manually encrypted from there if required – and reversed if need be.

Edit - Data Protection Request Card - Erasure

Q: Are there other benefits?

Charles: Our product is a simple plug-in and will not update your ERP system in the way that a Microsoft update would. So, you won’t have to waste time testing it to make sure that there are no glitches. Also, We have put safeguards in place before data is deleted, providing a back-up copy for a certain number of days. The flexibility of the product is key. We continue to work with our customers to make sure it reflects their business needs.

Q: How are you selling NAVGDPR into the market?

Julian: We have a worldwide distribution agreement with Xenatus Global who manage the reseller channel on our behalf. We work with numerous resellers around Europe and, like K3 in the UK and Holland, who believe we offer the best one-stop shop solution for NAV-based GDPR compliance.

In the run-up to GDPR in May, you couldn’t move for warnings of GDPR non-compliance and emails, articles, reports and guidance claiming to support firms get in shape. While, the noise has quietened down, GDPR is here to stay and the regulators will start to get tough once the dust settles.

We look forward to how NAVGDPR evolves with more sophisticated customer requirements, and the emergence of other technologies to support GDPR compliance for NAV and MS Dynamics 365 clients.

Get in touch with Conspicuous to talk about Dynamics 365 resourcing, or to discuss adding NAVGDPR to your Dynamics solution.

Get in touch

Leave a Reply

Your email address will not be published. Required fields are marked *