Datenschutz-Grundverordnung (DSGVO)

According to § 15 para. 1 DSGVO, data subjects have the right to ask whether and which personal data is being processed.

Consequence: The ERP and CRM software must be able to create a complete reporting with all master and transaction data. This includes third-party solutions that are connected to the system, such as DMS, add-ons or connected ones CloudServices.

The security of personal data is very important in the GDPR. § 32 DSGVO requires inter alia appropriate technical and organizational measures to ensure a level of protection appropriate to the risk. The encryption of personal data and the protection against unauthorized access are explicitly mentioned.

Result: ERP and CRM must have a decided role and rights concept. At the same time, the encryption of the data must be down to the database level. Under certain circumstances, the performance of the SQL server must be adjusted because the encryption generates additional load.

In addition to numerous changes and clarifications, the GDPR also creates new rights. This includes data portability. This makes the switch to another provider much easier.

According to § 20 DSVO, affected persons have the right to receive the personal data concerning them that they have provided to a responsible person in a structured, common and machine-readable format.

Consequence: The solution used must be able to identify and provide the affected data. The export can be done via a physical disk or by providing a download.

In close connection to the data transmission, the right to delete, in many cases also known as "right to be forgotten", is regulated in § 17 DSGVO.

What looks like a simple task at first sight quickly becomes a complex challenge in practice. Because with ERP software, deleting records would quickly lead to inconsistent databases. In addition, legal requirements such as storage requirements must be taken into account. To make matters worse, the deletion of personal data must be done retroactively in backups and other backup systems.

Result: The used ERP industry software or CRM solution must on the one hand support the right to delete, on the other hand, keep the database consistent. A possible way out is the anonymisation or masking of personal data. The data is retained in the system but can no longer be assigned to the respective person.