GDPR Compliance and Cerm Software


GDPR is one of the broadest regulations ever enacted in the European Union, designed to give citizens control over how their personal data is stored and used. All EU member-countries have developed new laws that take effect on May 25, 2018. Even if the registered seat of your company is not in Europe, the law may still apply to you if you process data belonging to ‘data subjects’ (private persons) in the EU.  

GDPR and ERP software

Naturally, many ERP administrators are wondering what this will mean for them and what they need to do to get ready.

GDPR compliance is a broad effort. You cannot meet GDPR requirements simply with software tools or updates. There are a wide range of actions and legal decisions that each organization must make, and the regulations go beyond digital assets to include business procedures and even IT- security, in terms of technical and organizational security measures. This means there are aspects of GDPR compliance that have nothing to do with software.

In fact, there is no such thing as a GDPR compliant software or a certificate. Your company will need to ‘comply’ in using your prospects, customers, employees, suppliers or sales representatives personal data. As well in your ERP software as in your Outlook contact persons, your company mobile phone address book or in your synchronized Google Photos App …


Cerm customers should do their own investigation and planning for GDPR compliance. If you are new to the subject, an excellent place to start is this webpage:

Cerm tools supporting customers in their GDPR Compliance journey

Cerm provides features and tools that can be used as part of an overall compliance effort. These tools provide key functions, such as:

  1. Locating where personal data exists in your systems 'Download this file'. Before downloading the file, please read the following instructions

  2. Restricting access to personal data by implementing ‘Cerm Permissions

  3. List Exported interfaces data location (JDF, EDI, Accounting export)

  4. Right to be forgotten:

    1. Locate where personal data exists in your system (see a. above)

    2. Delete personal information of your contact: name, first name, email, picture, personal address, ...

      • Up to v7.19, these changes will be applied everywhere this contact ID is used within the software
        Except: estimates, jobs and messages

      • As from v7.19, these changes will be applied everywhere this contact ID is used within the software

Cerm as a Data Processor

Cerm has 2 products in its portfolio (Web4labels and SmartBI) where Cerm acts as a ‘Data processor’ for you, its customer (‘Data Controller’). Cerm prepares a set of Data Processing Agreements - to be signed by you - with regard to these data-processing activities.

Cerm will have all necessary Data Processing Agreements with 3rd party Data Processors, like Microsoft Azure that will store the BI data-warehouse.