On May 25, 2018, a comprehensive overhaul of data privacy and protection in European Union law took effect. The General Data Protection Regulation (GDPR), which replaces the accumulated online data mandates the EU has set forth since its inception, will ultimately redefine individual data subject rights for citizens of member states. The greatest impact of this legislation will be the compliance procedures required of organizations processing the personal information of EU citizens; failure to meet them can result in fines of up to 20 million euros (approximately $25 million) or 4 percent of annual worldwide revenue, whichever is greater.
If any of your operations incorporate the personal data of individuals living in the EU, then the GDPR will greatly affect your data collection and privacy processes. The new law places greater emphasis on maintaining transparency and culpability in relationships with data subjects. If you use an Enterprise Resource Planning (ERP) system as a database for your employee and customer information, then you will need to review all of your data management and cybersecurity procedures to ensure that you are compliant with GDPR.
Here are a few ways GDPR will affect how you process data in your ERP:
Current and Future Data Management
The GDPR expands the definition of personal data to include anything that could possibly be used to identify an individual. This can include seemingly unrelated information, such as race and gender preference. Any indicators that can contribute to building a profile around a person may be considered personal data, even if they do so indirectly.
Any such data of EU residents you currently have in your databases will need to be reviewed to determine compliance, as will the defensive and privacy measures you have in place to protect that information. The GDPR requires you to have a certain level of cybersecurity protection in place and to maintain regular testing of your system to verify its viability. In the event of a breach, you must immediately inform a regulatory agency within 72 hours.
Data collection methods will also be significantly affected by GDPR obligations. The GDPR makes modifications to the definition of consent concerning digital information submission so that organizations are required to have clear affirmations of approval. Personal data must be obtained with deliberately worded statements of agreement.
Even after data is collected, individuals will still maintain some control over it under the GDPR. They must be able to move their data at their own discretion, and they will have “the right to be forgotten,” or the right to have their information removed from your databases. Data subjects will also have the right to have their personal data modified if any segment is found to be inaccurate.
Client data entered into a Customer Relationship Management (CRM) module may fall under the jurisdiction of the GDPR if it includes personal information from an EU citizen. It will require additional effort to ensure data entered into CRM databases meets compliance standards. You may also have to modify how customer data is collected and managed to meet the GDPR’s criteria for privacy, transparency, accountability and security.
You will have to limit the data gathered from individual EU citizens to only what is absolutely necessary to maintain service, and remain cognizant of what type of information you collect through your CRM software and how you process it. An up-to-date, more centralized CRM solution will help you consolidate your data and enable easier active management.
HRMS, HCM, etc.
Human resources and human capital management (HCM) modules that compile data on personnel may also be affected by the GDPR. These solutions function by compiling and processing the personal information of your personnel. If your business employs anyone in the EU, then their data is governed by the GDPR and you must review your system to ensure compliance.
As with any CRM software, you must also consolidate your HR data into as few databases as possible. You will also have to review your internal communication procedures to ensure you have built the proper methods for obtaining consent when collecting employee information. Robust, modern HR solutions with regular updates and self-service options can help you streamline this process and ensure compliance is met.
Sage Internal Review
Sage Group has been conducting an internal review of all their products to determine GDPR compliance capability and has assembled a team devoted to that pursuit. Sage will implement Privacy Impact Assessments (PIAs) for all new product launches as well as a comprehensive compliance program that will enable tracking of GDPR requirements. They will also release updates for all current products that will introduce new task features that are mandated by GDPR obligations. Sage ERP users will be able to use these tools to ensure they remain compliant with the new law, though the ultimate burden of cooperation falls on the operator of the software.
Meeting GDPR obligations will entail making changes to how your business approaches training for your ERP solution. Data collection processes will require more oversight than previously to avoid noncompliance. You will need to ensure that your end-users are properly educated in how to manage the system with the new methods.
It will be increasingly important to understand the full capabilities and limitations of your ERP solution. A knowledgeable vendor familiar with your system’s specifications can help you leverage your software to meet the new regulations and remain compliant. They can also help you determine if your ERP solution will have more difficulty in achieving the standards set forth by the GDPR, and what software might be better suited to your needs.
Consider Upgrading to a Modern ERP to Ensure Compliance
Older ERP systems will have a harder time responding to emerging trends such as the GDPR. This regulation will require a considerable overhaul of data privacy standards, and similar legislation will likely follow in the future. To be able to meet these requirements, you should consider upgrading to a modern ERP solution that will receive regular security updates that meet compliance obligations.