GDPR and the impact to New Zealand Businesses

GDPR does not apply to me I am a New Zealand business. This is where you could be wrong. If you offer goods or services to citizens of the EU or if you hold data of EU citizens then GDPR applies to you. So are you ready for the introduction of GDPR on the 25th May?

What is GDPR, in a nutshell it is ensuring that the data of EU citizens is protected, data breaches are communicated and personal data is accessible by the person it belongs to.

In the context of GDPR, personal data relates to a natural person or data subject, that can be used to directly or indirectly identify the person. It can be anything from a name, a photo, an email address, bank details, posts on social websites, medical data or a computer IP address. If you hold data of data subjects under the age of 16, parental consent will be required to process the personal data for online services.

As an organisation you may be deemed as either a data processor or a data controller. A controller is the entity that determines the purpose, conditions and means for processing personal data, where the processor is an entity which processes personal data on behalf of the contoller. A simple example would be that you have a CRM system (data controller) that manages the personal data and you use a 3rd party marketing platform to send out emails (data processor).

If the above does fit you and you are not ready then the costs for non compliance and penalties are quite steep up to 4% of annual global turnover or $20 million Euros.

What are the key points that I need to be aware of?

  1. Breach Notifications – you must notify customers within 72 hours of a breach of personal data
  2. Right to Access – EU citizens can request whether or not you are using their data, for what purpose and can request a full copy of the personal data on file, free of charge to be supplied electronically.
  3. Right to be Forgotten – Also known as Data Erasure, the right to be forgotten entitles the data subject to have the data controller erase his/her personal data, cease further dissemination of the data, and potentially have third parties halt processing of the data.
  4. Data Portability – provides the right for a data subject to receive the personal data concerning them, which they had previously provided in a ‘commonly use and machine readable format’ and have the right to transmit that data to another controller.
  5. Privacy by Design – this is good practice for any implementation where personal data is being captured, but is now becoming a legal requirement. Basically it means that you must plan by design the inclusion of data protection systems rather than adding at a later date. In addition, you must hold and process only the data that is absolutely necessary for the completion of the process, as well as limiting the access to personal data to those needing to act out the processing.
  6. Data Protection Officers – you may need to appoint a Data protection officer if you meet the following prerequisites – you are a public authority, you are an organisation that engages in large scale systematic monitoring, or an organisation that engage in large scale processing of sensitive personal data.

So what is the impact and how do I prepare?

If you look at the key changes above their are a couple that catch my eye that says ‘umm how would I do that?” these would be the right to access and the right to be forgotten.

Both of these have a major impact on how you have currently designed and built your system. The right to be forgotten may have a knock on impact to related records and systems that requires a person record to exist for the record to be valid. Plus if you got a request to share the personal details that you have on a person, how would you process that? Can you print the details, can you isolate the specific fields required for the request?

This is where Privacy by Design is a key factor to consider when developing new systems, or reviewing existing systems, as you will need to now think of how will I do that if I was requested to do so. You need to think about downstream systems, data warehouses, integration pints, ERP systems, online channels, anywhere where personal data is stored.

A question I would ask of an organisation, is that are you currently capturing the citizenship of a person you are dealing with, can you identify the potentially impacted records in your system? A scenario that would not be to uncommon would be that you are selling goods in New Zealand to people residing or travelling in New Zealand who are EU citizens, if that person moves back to the EU then they could request their personal data or request to be forgotten, so the impact of GDPR is far reaching, especially with New Zealand being a tourist rich country.

Food for thought I am sure, make sure you are ready, and can comply, as I am sure there will be people who will test organisations once the 25th May hits us.

If you need assistance in getting ready for GDPR, get in contact.

Advertisements

Awarded MVP for Dynamics CRM for a second year

Thank you Microsoft for awarded me CRM MVP for a second year. Find my profile at http://mvp.microsoft.com/en-us/mvp/Steven%20Foster-5000781

Excel Surveys powered by OneDrive – very cool

Did you know you could create surveys using Excel Online? If not you are like me until I recently clicked a link and was amazed!

They look like this:

Example survey

Do you like it, I did.

So how do you create one?

Its really simple, follow these steps:

  1. Log into your OneDrive account
  2. Select Create and Select Excel SurveyExcel survey 1
  3. Now follow the simple instructions to create the survey
  4. Adding fields is really easy Excel Survey 2
  5. See my example here https://onedrive.live.com/survey?resid=FA929C41F6566E6E!5277&authkey=!ADGnRwlwFB-gg5o
  6. Once you have completed the survey you view the results in excel! Create some nice charts and even import into your CRM!
  7. Survey Results

 

So let your imaginations fly, birthday party invites, work events, internal work events, anything really. Plus what is really cool is that you could load the data into your CRM via the simple import feature and create campaign responses against your event.

Creating Event Labels from Dynamics CRM with a QR code, for quick attendance recording

So you run events and at the event you want to quickly update who has attended. You use Dynamics CRM to capture the event details and you record who has RSVP’d via campaign responses. You use mail merge to print out labels for the event.

Have you ever considered using QR codes on your labels to register people in? Did you know you can do this through standard Microsoft Word features (Word 2013 only) using mail merge? Well if you didn’t here is what you need to do:

  1. First you need to record the URL of the Campaign response record as a field on the campaign response. To do this you will need to do some minor config as follows:
    1. Create a new field on the Campaign Response record called “Record URL”
    2. Create a workflow that fires on Create of a new record to update the Campaign response Record URL using the field “Record URL (Dynamic)”
    3. Campaignresponse
  2. Next on to the mail merge, campaign responses do not support mail merge, to get around this simply export out the campaign responses using the standard export feature but ensure you include your new Record URL field.
  3. Now open Word 2013 and start a mail merge, select the exported out records to form the list to use.
  4. To add a QR code to your label you simply click “Insert Barcode Field” in the mailing ribbon, Select QR Code and select the Record URL field.
    1. qrcode
  5. You now have generated a unique QR code for each record.
  6. Print your labels and you are done.

Now at the event you can scan the QR code as they arrive and update the status reason of the record to Attended.

ClickDimensions – Free marker language demystified

See my guest post on the ClickDimensions blog My Post at ClickDimensions.

Hopefully it meets my objective of making this seemingly complex language simple!

Rockstar 365 rank yourself across your peers

Its interesting when you start listing all the projects you have worked on, the people you know and see how you compare.

Great work check out my profile at:

My Rockstar Profile

Sneak peek at my top 10 features of CRM2013

As you may or may not be aware Dynamics CRM will be having a facelift in October with the new release CRM 2013 being launched.

In short, CRM 2013 is the next release of Dynamics CRM. Dynamics CRM 2011 was released in 2010 and as such in line with the rest of Microsoft products has had a facelift to enable it to continue to be a market leader. With the range of new laptops, tablets and phones available to users, the Dynamics CRM user interface had to be re-imaged to support these devices more natively.

With a lot of information already out on what CRM2013 will deliver to users, I thought I would submit my “Top 10 feature” changes that you will experience with the new release. Keep an eye on this page for new postings about the upcoming release http://rc.crm.dynamics.com/rc/2011/en-us/Dynamics-CRM-Upcoming-Release-Information.aspx and Intergen’s blog www.intergen.co.nz/blog.

1. Ribbon goes, say hello to the navigation bar. The navigation bar is a replica of the navigation pane and represents the site map that you are used to and the ribbon buttons are replaced with simple worded command bar options. The reason for this change, speed up the UI, simplify the visuals and easy to touch.

2. No left hand navigation, expand the navigation bar

3. Process enabled forms, you can create processes to support users navigating through the system. A record type can have many different processes that can be started. A process drives a user through the information and related entities to complete the process. A user can change the process during a process if required. Example processes, Simple Opportunity Process, Complex Opportunity process, New Member, Renew Member etc.

4. Mobile for free, the new release includes an always online with cached offline mode for Windows 8 and IPad devices. The mobile user interface is dynamically created based on the same forms non mobile users utilise. This will provide a great tool for the mobile workforce to engage in CRM wherever they are.

5. Business Rules – remove the need for code. Business rules will enable some of the more simple business logic that we would have created in the past as plugins or JavaScripts to no longer be needed, simplifying your CRM system and enabling you to create and manage your own business rules.

6. Dynamics CRM and Server side e-mail and appointment processing. This is a great new feature, take this an example CRM 2011 process. A customer service agent creates an appointment for a user to visit a customer. The user will not see this appointment in their Outlook calendar until they sync Dynamics CRM with Outlook. If they are mobile using a smart phone or tablet then again they would not see this appointment until they sync their outlook, delaying the visibility of this appointment. With CRM 2013 the appointment will be pushed by CRM direct to the mail server and then it will immediately appear on your device. Great new feature.

7. Synchronous Processes. Basically processes in CRM 2011 have always ran in the background requiring a user to reload or refresh the screen to see the impact. CRM 2013 will now introduce processes that run immediately and update the form in real time, resulting in less code, less plugins and simplified management of business logic.

8. What is this Hero thing all about? The hero area of CRM is where you see all the recent activity of a record in one glance. If implemented well this will save all users an immense amount of time. Some of you may already be using this in CRM 2011 – activity feeds or in CRM online via the Polaris forms. Basically in CRM 2013 it takes this area to the next level with full capability to create all activity types, integrate with Yammer and view all notes. In some ways this is my number 1, as it provides the bare essentials to all users about the what is going on with the record with minimal clicks.

9. Global search within the Mobile Client.

10. Quick Create forms are back! You can now quickly create a record without capturing all viewing the complete form, great if you are on the move and just want to get something in quick.