The rules on what companies can do with collected data are starting to change as more privacy laws are passed. It started with GDPR (General Data Protection Regulation) in the European Union. With it came heavy fines if you were found using collected consumer data improperly. The regulation also brought a handful of acronyms that mystify the process even more. GDPR and other laws like it don’t have to be hard to navigate once we clear up the terminology. Understanding Terms of GDPR and other Data Privacy laws is a first step toward planning how to manage customer data.
Data Controller – A person or entity that determines how to use the data.
Personal Data or Data Subject – Any information relating to an identified or identifiable actual person; that person is the Data Subject.
Processor – A person or entity that processes data on behalf of a Data Controller.
Customer Data – Data that you collect on customers during everyday activities.
DSR (Data Subject Requests) – A request by a Data Subject to a Data Controller to take actions such as change, restrict, or access their Customer Data you’ve collected on them.
Breach notification – This covers a breach of security that leads to the destruction, loss, alteration, or access to Customer Data a Data Controller or Processor has transmitted, stored or processed.
DPIA (Data Protection Impact Assessment) – This is an audit that Data Controllers are required to prepare when processing is ‘likely to result in high risk to the rights and freedoms of natural persons.’
The next set of terms are for DSRs, which we talked about above. We will take a deeper dive into what a DSR or Data Subject Request looks like as you perform the actions. This is a high-level view of the process; yours may vary based on what data you process and where it is moved or stored.
Data Subject Requests
Discover – Search for the Personal Data of the individual who submitted the DSR using the tools built into your system. After discovery, whether or not you found data, you can perform some or all of the following actions.
Access – Gather Personal Data from your system and if a copy is requested that must be sent to the Data Subject as well.
Rectify – Make the changes requested by the Data Subject to the Personal Data.
Restrict – Reduce the processing of Personal Data by Processors, or its storage, to only what is needed.
Delete – Permanently remove Personal Data at the request of the Data Subject.
Export/Receive (Portability) – Provide an electronic copy of the Personal Data that is in a readable format.
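The six DSR actions above, carried out against a small set of constructed customer records, as an added example that is not from the original post and not code from Dynamics 365 or any other product. The table names, field names, request ids and the hypothetical DsrHandler class are all assumptions; the point it adds to the list is that each action is logged by identifier and count only, so the audit trail never becomes another copy of the Personal Data it documents, and that a Restrict decision has to be honoured by downstream processing.

```python
"""Fulfilling the DSR actions (discover, access, rectify, restrict, delete,
export) against an in-memory customer store, with an audit trail.
Added example; all tables, fields and records are constructed."""
import copy
import csv
import io
import json
from datetime import datetime, timezone

# Constructed sample store: a contacts table and a cases table that refers
# back to contacts by contactid, the way a CRM would.
SAMPLE_STORE = {
    "contacts": [
        {"contactid": "c-001", "email": "jane.doe@example.com",
         "fullname": "Jane Doe", "phone": "555-0100"},
        {"contactid": "c-002", "email": "sam.roe@example.com",
         "fullname": "Sam Roe", "phone": "555-0101"},
    ],
    "cases": [
        {"caseid": "k-100", "contactid": "c-001", "subject": "Billing question"},
        {"caseid": "k-101", "contactid": "c-002", "subject": "Login issue"},
        {"caseid": "k-102", "contactid": "c-001", "subject": "Address change"},
    ],
}
# Tables other than contacts that hold Personal Data, with the link column.
LINKED_TABLES = {"cases": "contactid"}
# Fields a Data Subject may ask us to correct (hypothetical policy).
RECTIFIABLE = {"fullname", "phone", "email"}


class DsrHandler:
    def __init__(self, store):
        self.store = store
        # Audit entries hold request id, action, row counts and field names,
        # never field values, so the log is not itself Personal Data.
        self.audit = []

    def _log(self, request_id, action, detail):
        entry = {"time": datetime.now(timezone.utc).isoformat(),
                 "request_id": request_id, "action": action}
        entry.update(detail)
        self.audit.append(entry)

    def _find(self, email):
        """Locate every row relating to the subject (match on e-mail, case-insensitive)."""
        ids = {c["contactid"] for c in self.store["contacts"]
               if c["email"].lower() == email.lower()}
        found = {"contacts": [c for c in self.store["contacts"] if c["contactid"] in ids]}
        for table, link in LINKED_TABLES.items():
            found[table] = [r for r in self.store[table] if r[link] in ids]
        return found

    def discover(self, request_id, email):
        found = self._find(email)
        self._log(request_id, "discover", {"counts": {t: len(r) for t, r in found.items()}})
        return found

    def access(self, request_id, email):
        """The copy handed to the Data Subject is a copy, never the live rows."""
        found = copy.deepcopy(self._find(email))
        self._log(request_id, "access", {"counts": {t: len(r) for t, r in found.items()}})
        return found

    def rectify(self, request_id, email, changes):
        bad = set(changes) - RECTIFIABLE
        if bad:
            raise ValueError(f"fields not rectifiable via DSR: {sorted(bad)}")
        ids = {c["contactid"] for c in self._find(email)["contacts"]}
        changed = 0
        for c in self.store["contacts"]:
            if c["contactid"] in ids:
                c.update(changes)
                changed += 1
        self._log(request_id, "rectify", {"fields": sorted(changes), "rows": changed})
        return changed

    def restrict(self, request_id, email):
        """Flag the subject's rows; processing jobs must check the flag."""
        rows = self._find(email)["contacts"]
        for c in rows:
            c["processing_restricted"] = True
        self._log(request_id, "restrict", {"rows": len(rows)})
        return len(rows)

    def delete(self, request_id, email):
        ids = {c["contactid"] for c in self._find(email)["contacts"]}
        removed = {}
        for table, link in LINKED_TABLES.items():   # linked rows first
            kept = [r for r in self.store[table] if r[link] not in ids]
            removed[table] = len(self.store[table]) - len(kept)
            self.store[table] = kept
        kept = [c for c in self.store["contacts"] if c["contactid"] not in ids]
        removed["contacts"] = len(self.store["contacts"]) - len(kept)
        self.store["contacts"] = kept
        self._log(request_id, "delete", {"removed": removed})
        return removed

    def export(self, request_id, email, fmt="json"):
        """Portability copy in a machine- and human-readable format."""
        data = copy.deepcopy(self._find(email))
        if fmt == "json":
            out = json.dumps(data, indent=2, sort_keys=True)
        elif fmt == "csv":
            buf = io.StringIO()
            for table, rows in data.items():
                if not rows:
                    continue
                fields = sorted({k for r in rows for k in r})  # union, rows may differ
                buf.write(f"# {table}\n")
                writer = csv.DictWriter(buf, fieldnames=fields)
                writer.writeheader()
                writer.writerows(rows)
            out = buf.getvalue()
        else:
            raise ValueError(f"unsupported export format: {fmt}")
        self._log(request_id, "export", {"format": fmt, "bytes": len(out)})
        return out


def marketing_recipients(store):
    """A downstream job that honours Restrict by skipping flagged contacts."""
    return [c["email"] for c in store["contacts"] if not c.get("processing_restricted")]


def new_handler():
    """Fresh handler over a private copy of the constructed sample store."""
    return DsrHandler(copy.deepcopy(SAMPLE_STORE))


if __name__ == "__main__":
    h = new_handler()
    print(h.export("dsr-demo", "jane.doe@example.com", fmt="csv"))
    h.delete("dsr-demo", "jane.doe@example.com")
    print(h.audit)
```

Deleting the linked rows before the contact row matters: if the contact were removed first, the e-mail lookup that drives the rest of the procedure would no longer find the case rows and they would be orphaned rather than deleted.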
How do I find data or audit my systems? Classifying Customer Data is the cornerstone of working with data under GDPR. Knowing the data and its formats in your system helps with performing DSRs as well as with regulatory audits that may be requested of you. How you do that depends on the tools within each system, but I’m going to use Dynamics 365 Customer Engagement as an example here.
Dynamics 365 for Customer Engagement (CRM) has a few methods you can use to search for data in your system.
Providing the found data can be done easily in Dynamics by way of Export to Excel, which you see in the ribbon of your Advanced Find search. You have the option to save in either .csv or .xml formats, which are readable by humans as well as programs. Dynamics 365 for Customer Engagement records can also be exported via the Common Data Service Web API.
Understanding Terms of GDPR and other Data Privacy laws, and the scope of the data you collect on your customers, is the first step in assessing your risk if you collect data in places that have these laws, such as the EU, California, Virginia, and others as new laws are written. You can read more about these terms and some frequently asked questions about GDPR at the link provided below. In another article we will cover how you can use the built-in tools that Microsoft provides with Microsoft 365 to help companies comply with DSRs. Watch for that to come out soon here.
Beringer Technology Group has helped organizations across the country implement powerful, flexible, and cost-effective technology solutions since 1993. We have extensive experience helping clients migrate off legacy versions of Microsoft CRM, and into the Microsoft Dynamics 365 Cloud using the latest Microsoft technologies. Building upon the foundation of Microsoft’s world-class software, our project methodology helps businesses plan and implement solutions that drive long-term success and return on their investment. Understanding Terms of GDPR and other Data Privacy laws helps our team to further assist our customers in managing their clients' data.
Beringer Technology Group, a leading Microsoft Gold Certified Partner specializing in Microsoft Dynamics 365 and CRM for Distribution, also provides expert Managed IT Services, Backup and Disaster Recovery, Cloud Based Computing, Email Security Implementation and Training, Unified Communication Solutions, and Cybersecurity Risk Assessment.