Support Portal ContactGet in touch

Implementing GDPR with Dynamics CRM

   Words by Paul McQuillan

   on 28/02/2018 09:00:00

The General Data Protection Regulation (GDPR) is coming into force from May 2018 and poses a new challenge to any CRM System to help a business operate in a compliant fashion under the new regulations for data storage, processing and handling.

Dynamics CRM and SharePoint provide a great platform to ensure a business is GDPR Compliant - however like many aspects of CRM Solutions, a good system is a start but customising CRM to ensure we have right process in place to support user adoption is key, as we can only be compliant as the processes we have in action.

In our previous article, we looked at the core tenants of GDPR and now we can look at how these can be implemented in Dynamics CRM, the resources available to help us, and the additional Apps or functionality we can use:

Dynamics

Dynamics tracks the Classification of Data we hold for each Contact, Lead, Internal User or Company between Organisational, Personal, Sensitive or Transactional.

In this, we can track Non-Personal Company details as Organisational as this data is freely available in the public domain.

GDPR Tracking for Personal and Sensitive Data

For Contacts however we can ensure we track our data as either Personal or Sensitive, and then supply our reason for holding this data that complies with GDPR. Dynamics then ensures that this reason is a required field for entering the Contact so Compliance is assured.

Business Rules

Consent is the easiest reason for a User to select as they can assume that Consent is given by the Contact in the context of them dealing with us, but this is also the hardest to justify under GDPR as other reasons to track the data are more clear justifications. As such Dynamics ensures that we supply additional details where Consent is selected as the reason to track the Personal or Sensitive Data.

This similarly applies to Internal Users within Dynamics - Dynamics will assume ‘Contractual’ as the reason for tracking his or her details.

In this way Dynamics allows us to define Business Rules for how we store and manage data to help keep us compliant.

image

Defining Business Rules in Dynamics to help compliant management of Personal or Sensitive Data

Microsoft Platform

As a Microsoft Platform, a wealth of investment and help has been provided to help businesses using Dynamics and Office 365 manage their GDPR compliance.

Microsoft Commitment to GDPR

Microsoft Trust Centre – Cloud Services

Microsoft Trust Centre – Privacy

The Microsoft Teams for Office and Dynamics 365 have posted an information protection strategy to help prepare for GDPR: https://blogs.office.com/en-us/2018/02/22/microsoft-365-provides-an-information-protection-strategy-to-help-with-the-gdpr/

Get GDPR compliant with the Microsoft Cloud - https://blogs.microsoft.com/on-the-issues/2017/02/15/get-gdpr-compliant-with-the-microsoft-cloud/

And for the fuller guide, we also have the GDPR White Paper below: https://info.microsoft.com/ww-landing-GDPR-M365-Whitepaper-WhitePaper.html

DocMan

DocMan is our App that links Dynamics, SharePoint and Xperido to make the best functionality of each easily accessible within CRM.

This improves GDPR Compliance in three significant ways:

(1) Structured Storage - Allows us to upload, generate and edit Documents stored in SharePoint from within each screen in CRM - this manages our Unstructured Document, File and Email Data in tandem with our Structured Data within CRM.

By implementing this point, we store Documents in a well governed SharePoint Structure specific to our company so that Documents are stored in a consistent and predictable structure to meet GDPR Compliance for Access Requests – crucially this integration with CRM allows us to tie our siloes of unstructured documents to the structured records in CRM, so our users can access and use both as part of a single solution, rather than having a separate CRM System running in parallel to a Network Share where the structured and unstructured are often completely disconnected from one another.

DocMan – Define your Document Structure

(2) Document Metadata - Tracks Metadata for each Document to track the Data Classification and Reason for storing the Document - so the data in the Document or File is also tracked between Non-Personal, Personal or Sensitive for GDPR Compliance. This is done in an institutive way to support ease of use for the User:

  • The Metadata for each Document defaults to the existing Data Classification held in Dynamics for the Contact, Lead or User.
  • The Metadata for any of the Documents can be edited in a simple Grid accessible from the Contact screen in Dynamics.
  • Tracks each Document or File with a specific Content Type to define the nature of the file and store the file with a relevant set of Metadata.

DocMan – Metadata GDPR

(3) Track Attachments Compliantly - Extends the base functionality of the Dynamics App for Outlook to automatically track Email Attachments into SharePoint Documents - so each useful Attachment is stored and managed in a GDPR Complaint fashion.

DocMan – Email Attachments

image

Tracking the GDPR Classification for a Contact and the contact’s SharePoint Documents within Dynamics using DocMan

SharePoint

SharePoint is the premier Cloud Storage and Collaboration solution from Microsoft, and now works hand in hand with Office 365. (and is often provided as a component of a Dynamics 365 Solution)

As DocMan makes the power of SharePoint more accessible and easy to use within CRM, which helps us to get the best use of SharePoint to promote good, secure file storage and so compliance with GDPR.

Easy Integration with Windows – we can access our SharePoint Document Libraries as easily as a File Share on our PC or Network Drive by mapping our storage locations.

Enterprise Search – allows full-text indexes for quick and easy search of documents.

Security – Sites and Document Libraries within SharePoint can be access controlled and security layers created within your organisation.

Collaboration – Allows us to collaborate as an organisation by sharing documents and recent items our teams have been working on.

Anywhere and Any Device – Documents and Files held in SharePoint can be shared between authenticated users and accessed on any device. Documents can then be shared with 3rd Party Clients or Suppliers for data compliance using DocMan or a Portal Site.

Backup – Documents in SharePoint are stored via a SQL Database that is subject to regular backups and safe storage; this can often be missed with regular fileshares.

image

Collaborating on Documents between Teams in SharePoint

Share this Article

Search Articles

Filter Articles

CRM Tech DocMan

Recent Articles

Cannot retrieve this article from the blog engine. Please refresh your browser to try again.
  • "Paul has made a real difference to how my team of 24 people record and store valuable customer data and sales opportunities. Highly recommended."

    James, Operations Director

  • "Understanding your business allows us to advise when to implement aspects of CRM and, likewise, when not to."

    Paul McQuillan, Managing Director

  • "Dynamics 365 and CRMCS have made a real lasting difference to our business, allowing us to replace older systems that were holding back our performance."

    Grahame, Chief Operating Officer

  • "James worked well with us to help connect CRM with Outlook and relate how this might benefit our team using CRM for Property Care."

    Natalie, Property Care Supervisor

  • "Matt was really good with helping us run User Testing on the new Compliance Module of our CRM System."

    Tom, Compliance Administrator

Prefer to go old-school?

Write to us using the below addresses.

Head Office
CRM Consultancy
61 Oxford Street
Manchester
M1 6EQ

London Office
CRM Consultancy London
Grosvenor Avenue
London

Content © CRM Consultancy.