On 25th May this year, the General Data Protection Regulations (GDPR) come into force in the UK. The regulations represent quite a change in the data protection rules and many companies are rushing to become compliant in time. Those that run SAP Business One, though, have some advantages.
What is GDPR?
GDPR was brought in to increase the rights that EU citizens have over their own data, enhancing their privacy. It also provides a standardised set of laws that will apply across the EU and aims to reduce data and privacy breaches. Although Britain is heading out of Europe, the law still comes into force before Brexit is finally reached.
GDPR affects any company that holds or processes personally identifiable data about EU citizens, wherever in the world that company is based. This includes consumer data such as name, address and email, and also business information, such as job title, business email, work mobile numbers and so on. Even IP addresses and cookies – if they can be linked back to individuals – count as personal data. So GDPR covers everyone you deal with as a company: your prospects, customers, suppliers and your employees.
The legal detail is extensive, and every company should systematically be planning to achieve compliance, but in essence, GDPR means:
- Greater privacy for individuals, with no distinction about whether that data refers to the person as a private consumer or in their working role
- Individuals have greater rights over the data that is held on them, including the “right to be forgotten”
- Companies need to manage their data in a structured manner, with defined processes for storing and handling it
- Businesses need to be more transparent about how and why data is held and used
- Companies need to know what data they have and why they are holding it
- In some circumstances, companies will need to appoint a data protection officer
- Communication with data subjects – whether by email, postal mail, or telephone – must come under one of six legal foundations for processing data (such as consent or legitimate interest)
- Encryption of data may be required, as personal data is required to be held securely
- Breaches of data privacy may result in large financial penalties
GDPR compliance in SAP Business One
GDPR has been on the horizon for several years now, and businesses have had plenty of time to undertake audits of their data, to analyse and categorise it and plan the actions they need to take to achieve GDPR compliance.
Some aspects of SAP Business One already help with GDPR compliance. But to further assist customers, SAP will be providing a patch for SAP Business One 9.3. The PL04 release patch will provide new data privacy functionality and tools for erasing personal data, logging changes to data, and registering access to sensitive personal data.
The new data privacy tools will include:
- Personal data set-up
- Personal data management wizard report, data erasure and data encryption/decryption for sensitive personal data
- Sensitive personal data access log
There will also be an enhanced change log for fields and objects related to personal data.
If you would like to find out exactly how SAP Business One 9.3 and the new patch can help with GDPR compliance, or if you would like pricing for the 9.3 upgrade, call us on 020 8819 9071 or get in touch.