#NAVdevInfo 5: I am a developer. Why should I care about GDPR?
I know that not all of you heard about GDPR. In fact, to be honest with you, few months back I also haven’t heard about it. And trust me a lot of customers and users of systems (not only NAV or Dynamics 365) still have no clue what is it. So why, we developers, should care about it? And what changed in NAV?
First things first
If you still do not know what is GDPR then I really advice you to read Whitepapers from Microsoft: https://docs.microsoft.com/en-us/dynamics365/get-started/gdpr/index?branch=gdpr-hub.
And if you do not want to read it then in short: GDPR is European Union law which is applicable in all EU countries. It says about one of most important topics in last years – data protection and data processing. Base on this law you will be able ask for all data which is related to you from any company, also you will be have rights to ask to delete the data or move it to other company.
What if your customers are not from EU?
This law is applicable for all companies which have customers in European Union so it could be possible that your customers need to follow the rules even not being EU company. From other point of view, as I wrote before, data protection is one of the most important things and it is good time for all other companies to implement the rules in system which gives assurance that data of their customers is properly protected and process.
What is the risk?
If company would not be able to provide data or would not be prepared to implement GDPR there could be below sanctions:
- a warning in writing in cases of first and non-intentional noncompliance
- regular periodic data protection audits
- a fine up to 20 million Euro or up to 4% of the annual worldwide turnover of the preceding financial year in case of an enterprise, whichever is greater
So why should I care?
From business point of view: we should help our customers to avoid any of consequences which can be significate if they would not be prepared to respect the law. And this, in my opinion , is our main goal to keep customers prepared.
From technical point of view there are few things which had been changed in Dynamics NAV 2018, 2017, 2016 and 2015. About then you can read below but also will try to come back to it in next post.
Two levels of security
Level 1 – Data Classification done by developer
To tables there had been added (since 2018 CU3) new field property – DataClassification . This property is mandatory now and should be always filled in when adding field to your solution. In AL when you use snippets it is automatically added. To find out which value you should use in which situation please check link: https://docs.microsoft.com/en-us/dynamics-nav/classifying-data
Level 2 – Data Sensitivity done by users
This level of protection can be done by users which are Data Security Administrators. To see functionality SECURITY ADMINISTRATOR profile need to assign. After that Data Privacy menu is shown in the Role Center
User will have possibility to set Data Sensitivity and choose one of below option:
Sensitive
Personal
Company Confidential
Normal
First setup is done when company is created. However it is possible to change the value. This operation will be logged.
After this user will have possibility to export data directly to excel or just to create RapidStart Package. In fact when exporting to excel automatically RapidStart is created with proper fields. Which fields will be exported is related to option chosen when using Data Privacy Utility tool (in Data Subjects menu).
Additionally to Cards – Vendor, Customer, Contract, Salesperson, Employee and Resource there had been added new field Privacy Blocked. This field is used to block usage of card on Documents and in Journals.
Cool stuff about GDPR
To already given links above I would like to invite you to read (or watch) few additional things about this topic. As there is still some unknown areas in Dynamics NAV and Microsoft tool there are few NAV partners which already prepared functionality in NAV which can help you understand more about GDPR.
Below is what I found so far:
Simply Dynamics – https://simplyd.ie/2018/02/gdpr-dynamics-nav/
The NAV People – https://thenavpeople.com/uk/nhanced-gdpr-knowledge-session/
Stefano Demiliani’s Blog (very good example how to use role center) – https://demiliani.com/2018/04/13/gdpr-features-on-dynamics-365-business-central-and-nav-2018-cu-04-overview/
Blog about GDPR in NAV – http://navgdpr.com.gridhosted.co.uk/wordpress/
Blog post about GDPR for Developers in General (not related to NAV) – https://techblog.bozho.net/gdpr-practical-guide-developers/