GDPR Compliance and Cerm Software
GDPRGeneral Data Privacy Regulation is one of the broadest regulations ever enacted in the European Union, designed to give citizens control over how their personal data is stored and used. All EU member-countries have developed new laws that take effect on May 25, 2018. Even if the registered seat of your company is not in Europe, the law may still apply to you if you process data belonging to ‘data subjects’ (private persons) in the EU.
GDPR and ERP software
Naturally, many ERP administrators are wondering what this will mean for them and what they need to do to get ready.
GDPR compliance is a broad effort. You cannot meet GDPR requirements simply with software tools or updates. There are a wide range of actions and legal decisions that each organization must make, and the regulations go beyond digital assets to include business procedures and even IT- security, in terms of technical and organizational security measures. This means there are aspects of GDPR compliance that have nothing to do with software.
In fact, there is no such thing as a GDPR compliant software or a certificate. Your company will need to ‘comply’ in using your prospects, customers, employees, suppliers or sales representatives personal data. As well in your ERP software as in your Outlook contact persons, your company mobile phone address book or in your synchronized Google Photos App …
Cerm customers should do their own investigation and planning for GDPR compliance. If you are new to the subject, an excellent place to start is this webpage: https://www.eugdpr.org/
Cerm tools supporting customers in their GDPR Compliance journey
Cerm provides features and tools that can be used as part of an overall compliance effort. These tools provide key functions, such as:
- Download and open the file
- Enter the password.
Ask the password at the helpdesk via a ticket
- Activate the macro's in the document
- Step 1. Check the server and database
- If you have a CermBoXX
If you need additional information, please contact your Cerm consultant
- If you do not have a CermBoxx, ask your internal IT department for the correct information
- Step 2. Select which data is requested
- Step 3. Identify the data subject
Depending on the choice you made in step 2, you need to enter the Customer ID and contact ID, Supplier ID and contact ID, Delivery address ID and contact ID, Employee ID, representative ID or User ID.
- Step 4. Check the ID
Click the button 'Check the ID' this will result in
- A search for the name of this contact
- Followed by a search of this name throughout the database
- Step 2 and 3: Customer ID 100025 / Contact ID 005
- Step 4 will result in
- The name: Nicolas Cage
- At the bottom, an overview where the name Nicolas Cage is found in the database, in this case:
- Customer ID 100025 / Contact ID 005
- Delivery address ID 401123 / Contact ID 001
User ID 100137
- Step 5. Select the language for the report
- Step 6. Configure the content
of the report
Define what information you want to include/exclude in the report
Step 7. Build the report
The result depends on the choice you made in step 2
Customer, supplier or delivery address: Example
- Contact data: name, address, date of birth, ...
- Overview of all the messages where this contact is in the Message properties
- Overview of all the products where this contact is in the Product properties
- Overview of all the jobs where this contact is in the Job properties
- Overview of all the sales orders where this contact is in the Order and Sales orders properties
Employee, representative or user: Example
- Contact data: name, address, date of birth, ...
- 20 messages where this contact is in the Message properties
- 110 products where this contact is in the Product properties
- 75 jobs where this contact is in the Job properties
- 213 sales orders where this contact is in the Order and Sales orders properties
You will not receive a detailed overview of all the messages, products , ... but the number of messages, products, ... with this name in the properties.
Create a pdf document of the tab 'output' and email this information to the contact person that asked for it.
Restricting access to personal data by implementing ‘Cerm Permissions’
Right to be forgotten:
Locate where personal data exists in your system (see a. above)
Delete personal information of your contact: name, first name, email, picture, personal address, ...
Up to v7.19, these changes will be applied everywhere this contact ID is used within the software
Except: estimates, jobs and messages
As from v7.19, these changes will be applied everywhere this contact ID is used within the software
Cerm as a Data Processor
Cerm has 2 products in its portfolio (Web4labels and SmartBI) where Cerm acts as a ‘Data processor’ for you, its customer (‘Data Controller’). Cerm prepares a set of Data Processing Agreements - to be signed by you - with regard to these data-processing activities.
Cerm will have all necessary Data Processing Agreements with 3rd party Data Processors, like Microsoft Azure that will store the BI data-warehouse.