Member Article
GDPR: Prepare your business and your ERP system
The 25th of April will carry extra significance this year, with the day marking one month until the European Union’s (EU) new data regulations come into force.
While we are not recommending that those who process and manage data spend the next month locked up in a room devising a plan of how their business is going to comply with the General Data Protection Regulation (GDPR), it is of utmost importance that you consider how your organisation is going to meet the requirements sooner rather than later.
The consequences for businesses of not meeting the new regulations are severe, with a fine of up to 4% of their annual global turnover or €20 million, whichever is greater. Businesses should also be aware that Brexit will not save them from having to comply with the requirements, as the Government has already committed to introducing GDPR into UK law when the Brexit process is formally completed. Businesses with customers from EU regions would have to comply with GDPR anyway, regardless of whether it was introduced into UK law.
In short, GDPR gives the following rights to individuals over their personal data:
- The right to be informed
- The right of access
- The right of rectification
- The right to erase
- The right to restrict processing
- The right to data portability
- The right to object
- Rights in relation to automated decision making and profiling
For large businesses, the issue of data management is covered in part by their ERP system, which, along with their CRM system, holds huge amounts of personal customer data, a term that will be expanded under GDPR to include information such as IP addresses, user IDs and location data.
A lot of the rights outlined above by the ICO can be met by simply adopting a default culture of responsible data management within your business, a culture that relies on those tasked with processing and managing data always referring to best practice procedures.
Sizeable businesses may find they would benefit from hiring a Data Protection Officer, whose sole role it would be to ensure data compliance. The cost of hiring a member of staff would be far less than the potential fine for non-compliance.
The right that poses most problems for businesses, particularly in relation to their ERP system, is the one that stipulates individuals have the right to be forgotten. Regardless of whether the information is stored in a large enterprise management system or an office filing cabinet, businesses must be able to prove that every record of an individual’s data has been completely wiped. This is a tricky process, and one that some businesses may not be fully confident they can complete with 100% certainty.
Locating and erasing personal data within an ERP system may not be as straightforward as many businesses would like to imagine. Personal data is likely to be stored in a whole host of different tables and areas, so the process of finding it is likely to prove time-consuming, to say the least.
With GDPR, though, time is of the essence when it comes to locating an individual’s personal data. This is because GDPR now gives a business only a month from the request date to present the data to the individual, a decrease of 10 days from the current allocated time-frame.
Those businesses that have had substantial customisation work done on their ERP system may find the new timescale challenging. Businesses may find it beneficial to run a test now, in the last month running up to GDPR, of how quickly they can locate an individual’s data from within their ERP software. At the very least, businesses should draw up a plan of how they intend to go about the process.
Add in that businesses must now receive positive opt-in consent from individuals, record their consent processes, receive parental consent for those under 16, as well as meet a whole host of other requirements, and it becomes clear that GDPR is an issue that businesses must start to plan and adjust for as soon as possible.
Here at Monpellier, we are Pegasus and Sage software Business Partners, and if you are considering having a new ERP software system in place so you can be confident of being GDPR compliant, then we can help you get this into place. Visit www.monpellier.co.uk/online-quote to see the savings you could make, or call us on 0191 500 8150 to speak to a Business Software Specialist.
This was posted in Bdaily's Members' News section by Monpellier Ltd.