How Microsoft Dynamics 365 Online helps you achieve GDPR compliance

KMS News / April 12, 2018

With all this talk of GDPR and big fines for companies that are found to not be GDPR compliant in Europe, how do you know that your CRM system is compliant?

GDPR regulation comes into effect on the 25th of May 2018.
With Dynamics 365 online part of the responsibility of individuals data (including contact data) lies with Microsoft and part of the responsibility is on yourself as the CRM system owner.
Let’s take a look at what Microsoft do to ensure that Dynamics 365 online is GDPR compliant.

Data Storage

Data stored in Microsoft’s data centres will be encrypted and if data is sent from the data centres to an application it will be encrypted.
The encryption of data helps meet the security breach requirements of GDPR, in the event of a security breach the loss of sensitive data is limited as much as possible.
Microsoft protect Dynamics 365 online data servers against DDoS attacks and regularly carry out penetration tests to ensure data security.
So you can have assurance when storing data that Microsoft have provided the means to ensure your CRM data is protected.
Dynamics 365 for Sales uses technology such as Transparent Data Encryption (TDE) to encrypt data at rest, and Transport Layer Security (TLS) to secure communication between services. For Dynamics 365 for Sales, Microsoft SQL Server cell level encryption is available for a set of default entity attributes that contain sensitive information.
In Dynamics 365 for Sales-GDPR-Whitepaper link: here
https://servicetrust.microsoft.com/ViewPage/TrustDocuments
Servers

 

Compliance Manager

Microsoft have released the Compliance Manger as a tool for assisting your management of cloud based Microsoft Products such as Dynamics 365.
In this tool it helps you analyse GDPR compliance across all your Microsoft cloud based infrastructure and assign tasks to meet these requirements.
If you use the tool as an existing Dynamics 365 online product owner you’ll notice that there is far less responsibility on yourself compared to an on-premise CRM solution owner.
The purpose of this tool is to increase trust in your companies GDPR compliance and assist in the ability to provide proof of compliance in the event of an audit.
More information can be found here:
https://techcommunity.microsoft.com/t5/Security-Privacy-and-Compliance/Announcing-Compliance-Manager-general-availability/ba-p/161922
Cloud

Transparency

Microsoft holds a strong belief in transparency when it comes to data and how they secure data,
so with Microsoft’s cloud storage you can have confidence in security of your data.
With Dynamics 365 you’re able to see where your data is stored, how Microsoft secure it and what Microsoft do in event of a government request for your data.
For more information on transparency please see:
https://www.microsoft.com/en-us/trustcenter/about/transparency

 

Within Dynamics CRM 365 Online

We’ve talked about how Microsoft have taken steps in their Dynamics 365 online infrastructure… but what can we do to utilise Dynamics CRM 365 Online’s tools to adhere to GDPR requirements as users/administrators?

Data Auditing

Within the Dynamics 365 platform you can enable data auditing on Entities that could contain sensitive data.
You can set up an audit history of these records on when a record is created, modified or deleted,
additionally you can log which users have access to these records and track when the users are created, deleted or have their permission modified.
Having the option for data auditing on entities is very beneficial in assisting your company’s goal in reaching GDPR data compliance.
More information on data auditing within Dynamics 365 online can be found here:
https://msdn.microsoft.com/en-us/library/gg309664.aspx

Papers

 

User Role Security

Within Dynamics 365 online you can restrict who has access to data.
You can use Role Groups, Teams and Business Units along with specific user permissions to easily define and control what records Dynamics 365 online users can read, update and delete.
Having multiple options in how you want to define who can view records and having the ability to restrict access to an entity is essential and made flexible no matter your businesses requirements.
You can also quickly view a single user’s permission to see what Entities they have access to.

Lock

 

Dealing With Data Deletion Requests

As part of GDPR you will need to be able to delete contact information against an individual at their request.
You will want this task to be completed as quickly and simply as possible, with Dynamics 365 online you can quickly identify where an individual’s data is stored by utilising the quick find or advanced find tool.
This reduces the amount of time in which these requests will take to complete and helps ensure that all the data throughout the CRM system regarding the contact has been removed.
Searching

Worried About Your CRM System’s GDPR Compliance?

Speak to KMS Software if you are concerned that the data within your CRM system might not be meeting the regulations!
We can help increase your confidence in the reliability of contact data within your CRM system.