GDPR - User Guide EN
Entersoft Business Suite® | Entersoft CRM®
User guide & Implementation tips
1. General Data Protection Regulation (GDPR)
The EU General Data Protection Regulation (GDPR) replaces the Data Protection Directive 95/46/EC and was designed to harmonize data privacy laws across Europe, to protect and empower all EU citizens’ data privacy and to reshape the way organizations across the region approach data privacy.
All companies operating in Member States of the EU are obligated to comply with this regulation. Therefore, to support them in complying with GDPR, the new GDPR Procedures has been added to the application.
Data protection policies
Usually, GDPR is consisted of several policies and those policies might need updating. In order to register a new data protection policy, go to Tools and configuration / GDPR procedures / New… / Data protection policy. In the data protection policy form, general data along with notes and related documents are displayed.
In case that a policy needs to be updated, the Update button is available on the top of the data protection policy form. By clicking on it the general data of the data protection policy update as well as notes and related documents are shown. Also, this form is accessible through the menu (Tools and configuration / GDPR procedures / New… / Data protection policy update). All policy updates are listed in the section “Updates” in the related Data protection policy.
Finally, all data protection policies are listed in the view Data protection policies (menu: Tools and configuration / GDPR procedures / Documentation of personal data protection / Data protection policies).
Data usage scope
According to GDPR, every EU citizen must be notified about the scope of usage of his/her data and decide if he/she agrees with it or not. For instance, the email addresses of a group of people will be used by a company to send them newsletters. The company has to notify this group of people about its intentions and each individual should accordingly respond to this notification by accepting or rejecting it. The responses can be registered manually or by any other customized procedure.
For this purpose, three forms have been designed; the Data usage scope form, the Data usage scope acceptance form and the Data usage rejection form. All of them are available through Tools and configuration / GDPR procedures / New….
Also, the list of scopes is available through the menu Tools and configuration / GDPR procedures / Documentation of personal data protection / Data usage scopes.
All individuals have the right to apply for their personal data anonymization (pseudonymization) or change. In consequence, the corresponding forms have been created and are available through Tools and configuration / GDPR procedures / New….
Data protection violation
Unfortunately, in some cases the regulations might be violated. In this case, the violation should be registered in the application. For this purpose, go to Tools and configuration / GDPR procedures / New…. / Announcement of data protection violation
Setting GDPR field property
When the GDPR becomes effective May 25, 2018, the Data Protection Officer (DPO) becomes a mandatory role under Article 37 for all companies that collect or process EU citizens’ personal data. Consequently, the Data Protection Officer (DPO) has the authority to declare which fields of the application system must be subjected to GDPR.
In order to activate the GDPR property, go to Tools and configuration / GDPR procedures / Personal data fields – Activate GDPR. On the pop-up screen, the DPO must select the table and the field which desires to be subjected to GDPR. For instance, persons’ T.R.N. should be subjected to GDPR, so the table is set to ESGOPerson, the Field to TaxRegistrationNumber and the GDPR property must be checked.
Setting GDPR field security access
After defining which fields are subjected to GDPR, the Data Protection Officer (DPO) have to assign user privileges. To assign user privileges, go to Tools and configuration / GDPR procedures / Personal data fields – Assign user privileges. On the new screen the list of the fields subjected to GDPR is shown and all user groups are shown on the top of it.
Custom GDPR task types
If a new custom GDPR task type must be added to the system, then the GDPR_Custom task group must be assigned to the related field on the task type form.
The forms of the custom GDPR task types will be accessible through the menu Tools and configuration / GDPR procedures / New….
Custom GDPR views
If a new custom GDPR view must be added to the system, then it should be created in the GDPR (ES00GDPR) area and its type must be set as OTHER. All views of this type will be accessible through the menu Tools and configuration / GDPR procedures / Related actions.
|Before proceeding with GDPR procedures, it is mandatory to execute the CRM Zero migration process.|