We’ve been hearing a lot lately about privacy and privacy breaches, and how personal data that has been trusted to organizations is being improperly shared with or stolen by other organizations - specifically details that were never meant to be passed on (anybody ever heard of Facebook?).
The GDPR, General Data Protection Regulation, is a set of European Union (EU) and European Economic Area (EEA) laws that come into effect on May 25, 2018. The purpose of these regulations is to provide a set of standardized data protection and privacy laws for all individuals and organizations within the European Union and protect all EU citizens from privacy and data breaches. The GDPR is working to give control of personal data back to the individuals.
WHO IS AFFECTED BY THE GDP REGULATIONS?
The GDPR will affect organizations located within the EU, but it also applies to all companies, regardless of their location, that process or hold personal data from individuals or companies that reside in the EU.
The GDPR associates information such as customer IP addresses and even web cookies with the same strict security standards as physical addresses and social security numbers. It’s these restrictions on sensitive consumer data that changes the way consumer data is protected everywhere, not just in Europe.
One of the key components of these new regulations is the strengthening of an individual’s consent or withdrawal of consent for processing their personal data. Consent must be explicit and it must also be easy to withdraw. Withdrawal of consent is sometimes referred to as the ‘Right to be Forgotten’. This right is also referred to as Data Erasure. A company or individual can request the company controlling or holding their information, to erase and stop circulating and processing their personal data.
SAGE CAN HELP.
Sage can help with obtaining and tracking consent, as well as data erasure when consent is withdrawn.
1) Obtaining and Tracking Consent in SAGE CRM:
Sage CRM 2018 R2 has added a new Consent tab and a consent tracking capability, allowing you to store consents from customers against their contact record.
A request for consent can be issued using preconfigured email templates:
· the email includes an ‘accept’ link.
· clicking the ‘accept’ link automatically records consent in Sage CRM against the person or lead contact record.
· the email template also contains a link to withdraw consent.
· there are consent record views for both lead and person groups. Use these views to create your campaign groups
· consent can be stored for multiple types of campaigns
· email templates are included for both person and lead contacts as well as templates for mass consent emails.
When a customer withdraws consent, Sage CRM has Mass Delete functions to assist with:
· removing all communications
· removing all documents
· removing all Library items
· only an administrator can perform these functions
2) Erasing personal data in SAGE 300:
Sage 300 2018 Product Update 2 (or Sage 300cloud) has an ‘anonymizer’ utility that removes all personal data from customer and vendor records. This utility, which is very simple to use, replaces personal data with a 6-character code, from any customer or vendor record, as well as all documents and transactions in all modules that reference this personal information. When a customer or vendor withdraws consent, or requests that their data be erased, the Sage 300 Anonymizer removes personal information in seconds.
Once the personal data is replaced with a generic code, Sage 300 can transfer the anonymized data for the specific customer or vendor into Sage CRM to facilitate full compliance. This needs to be done before CRM transfers the personal data back into Sage300! Note that further procedures need to be done within CRM to remove all communications as well.
If the Sales Analysis module is being used, a reset and re-retrieval of data will need to be done to remove personal data from that module. However, if history has ever been cleared from Sage 300, resetting the SA data will result in some loss of historical sales data. In this case, Equation can perform a data repair function that will remove personal data from the SA tables without any loss of historical sales information.
For more information on the GDP Regulations, click here. If you need the Sage 300 Anonymizer tool, or if you need more information on how to handle the new GDPR, give us a call at 760-436-3530. We can help!
