Data Quality for GDPR in Microsoft Dynamics 365 / CRM
As most of you are aware the EU has created a new data protection law The General Data Protection Regulation (GDPR). This law is intended to provide one data protection law across the EU, this will mean that organisations are required to demonstrate consistent data protection compliance.The UK Parliament has already said that Brexit will not affect the GDPR non-compliance. In short what this means is when the UK leaves the EU, we will still need to demonstrate compliance to GDPR.I wanted to give any business/organisation a guide to GDPR. For those regarding GDPR and Microsoft Dynamics 365, Microsoft has offered great resources which can help you on your GDPR journey unfortunately this is only provided for cloud solutions only.
1. Ensure your data is correct – this is broad but needs huge consideration.
2 Standardise records as much as possible, ensure the spelling is correct, dropdowns are used when possible.
3. Duplicates – de-duplication and merging. Duplications of data can cause huge problems when it comes to GDPR as the consent may differ on both the personal records. These need to be captured and corrected as soon as possible. Merging records in CRM solutions can be achieved by clicking the wizard buttons but does need some input.
4. Identify and deactivate old records. Within the new GDPR law is the “right to be forgotten”. The ICO outlines 6 different scenarios but for this purpose, we can focus on “Where the personal data is no longer necessary in relation to the purpose for which it was originally collected/processed.”Please also see the timescales the ICO refers to of keeping hold of information.
5.Validation – ensures that data is correct by checking addresses and phone numbers. Again, a time-consuming job but valuable within the GDPR guidelines.
6. Enhance data – add missing information. For example, are the counties in the same format across your system? Can you use your data in the best way possible? Bear in mind that GDPR also says: that data should only be collected for specified, explicit and legitimate purposes and cannot be processed if it isn’t in-line with those purposes.
7. Suppression records – consent records have they given permission, what channels are these? Is your CRM system set up to capture the consent explicitly?
In writing this post l am looking to raise awareness for key GDPR Considerations and would like to also make you aware that l am not a GDPR lawyer/solicitor but looking to ensure we all take the neccessary steps to be compliant