About the Solution
Fullscope has released version 2.0.0 of the GDPR Management Solution, which gives clients a robust set of tools to manage their compliance with key aspects of the General Data Protection Regulation (GDPR), approved by the EU Parliament in April of 2016 and enforceable starting May 25, 2018.
These regulations affect all business holding information on citizens of EU member states, not just companies based in those countries.
The solution extends relevant areas of Microsoft Dynamics 365 for Customer Engagement core functionality to facilitate management of consent and data requests in an end to end process, storing an audit trail of key information and providing real-time reporting on compliance efforts.
Additional elements added in the 2.0.0 release are an Asset Register, Transfer Register, Lawful Basis tracking, and a Breach Management module.
Sample Use Cases
- Contacts begin submitting data requests as allowed by the GDPR—for example requests for information or requests for erasure—the tools in this solution guide the user through the steps of evaluating, researching, and finally complying with the request, storing a record of the actions in case of future audit.
- The GDPR requires opt-in consent from contacts in order to retain and process their data—the tools in the solution can be easily integrated with outgoing email campaigns and/or a customer self-service portal to track both the initial and ongoing efforts to obtain consent, again keeping a record of contact interactions.
- Customers wish to see what data you hold on them—the tools in the solution allow integration with a Microsoft of third party portal solution to allow this, as well as self-service of request creation, allowing some processes to be fully automated and reduce the burden of compliance.
- There is a security breach and some PII is compromised—the solution has a breach tracking feature to guide you through the steps to comply with GDPR obligations in a breach, and track key metrics such as time to detection and time to notification.
- Data is transferred to a third party or another country—GDPR requires logging the transfer in these circumstances, the solution includes a Transfer Register to track when data is transferred, to whom, for what purpose, and so on.
- In order to comply with data requests, it is necessary to know where all PII resides—the Asset Register included in the solution allows easy cataloging of all PII and where it is held, to streamline breach response and data request compliance.
- It is necessary to be able to demonstrate lawful basis for all personal data that is retained and processed—the solution has added a tracking field on the contact record and pre-loaded the six lawful bases identified by the GDPR, so each contact can be easily categorized.
Interested in how you can implement this solution for your organization?
Reach out to us or find out more about the solution through your Account Director.
Free On-Demand Webinar on GDPR:
Learn more on GDPR and Beyond Using Microsoft Dynamics with Edgewater Fullscope.Microsoft Dynamics 365