
GDPR and Microsoft Dynamics 365: Understand your responsibilities

by Mark Polino
Director of Client Services, Fastpath, Integrated Business Group

You may have heard the term GDPR bandied about lately. It's not a swear word abbreviation, nor is it some new cell phone app. GDPR is the new European Union (EU) General Data Protection Regulation. It imposes new rules on organizations in the European Union and on those that offer goods and services to people in the EU or that collect and analyze data tied to EU residents, no matter where those organizations are located.

The regulations are in response to data breaches and the misuse of personal information. Specifically, they are focused on information related to personally identifiable data and include:

  • user rights to access and correct personal data, including the right to be deleted
  • organizational controls on data, including training and audit policies
  • transparency policies on how the company collects, uses, and retains data
  • significant fines for violations

The last item is a big one. Fines can be up to €20 million or 4% of a company's revenue, a number sure to get the attention of any CFO. In simple terms, assuming the recent Equifax breach would be only one major violation, 4% of 2016 revenue would be $125 million and reduce net income by more than 15%.

Microsoft is working to ensure their products are GDPR-ready. There is a particular emphasis on the entire line of Dynamics 365 products. For cloud-based solutions, complying with GDPR is a joint requirement between the cloud provider and the user company. Microsoft works to supply the appropriate data protection controls, including security and audit logs, but relying on Microsoft's controls alone to ensure compliance is not enough. Microsoft's responsibility here is to secure the data center. GDPR imposes requirements on organization controls, audits, and policies which live firmly with the company using ...


About Mark Polino

Mark Polino is a Certified Public Accountant (CPA) and a former Microsoft MVP (2007-2018) for Business Solutions. He is the author or coauthor of 5 books related to Microsoft Dynamics GP. Mark also maintains the Dynamics GP focused website. He speaks and writes regularly about ERP related topics. Mark has been a controller and CFO for a division of a publicly traded company and he has worked as a consultant implementing ERP solutions. Mark holds additional certifications including Certified Information Technology Professional (CITP), Certified in Financial Forensics (CFF), Chartered Global Management Accountant (CGMA), Dynamics Credentialed Professional for Dynamics GP 2015 (Core Install and Core Financials), and Xero Certified. He holds a bachelor's degree in accounting from the University of Central Florida and an MBA from Rollins College. Mark lives with his family in Florida.
