Managing a company's finances inevitably involves processing sensitive data, concerning not only the enterprise itself but also its business partners and clients. The GDPR (General Data Protection Regulation), which applies from 25 May 2018, obliges economic operators to implement technical and organisational measures that ensure a level of data security appropriate to the risk (Article 32).
It is not worth waiting, because bringing a company's IT system into line with the GDPR has to be thought through at the level of assumptions and then takes time to implement in detail. Let us analyse how the GDPR bears on the management of financial processes in terms of what is expected of the system.
A high level of IT system security
The GDPR names encryption among the measures it expects (Article 32), and an encrypted connection to the system that processes the data minimises the risk of a breach in transit; because the standard is "appropriate to the risk", encryption of stored data and of backups should be assessed in the same way. A system of this kind is by assumption used by more than one person, so it must be designed with security rules in mind. GDPR guidelines need to be taken into account during planning, preparation and implementation. In practice this means that if the system in use is not fully compliant with the Regulation, we are obliged to modify it or to implement a completely new solution.
Specific access limitations
Access rights should correspond to the tasks actually performed and should not exceed what those tasks require (the least-privilege principle). In practice this means, for example, that accountant Peter, who enters subcontractor invoices into the system, needs the subcontractor's details and the invoice itself, but does not need to see the full history of that account. Chief accountant Barbara sees the whole record with its history, because she needs it to authorise the operation. Specialist Paul, who is responsible for the income and expenditure balance, does not need the details of the operation, because he only needs the individual amounts and documents to prepare the general summary.
The tool we need in the company must allow access to be restricted to a chosen range of data: it should be possible to switch off the view of a single data category for a chosen user, for example the value of the latest invoice for a marketing specialist who sends the newsletter with customer information, since that value is not needed for the task. Such restriction should be deny-by-default: a field that a role has not explicitly been granted is not shown at all, rather than shown and masked.
Beyond this there is the role of the system administrator, who tailors access rights to the flow of the processes that use the data, to the consents that have been given and to the guidelines arising from the Regulation.
It is the choice of the right IT system that assures technical compliance with GDPR guidelines, and in this way we make the job easier for the data controller (or its data protection officer), who then takes care of actual compliance with the European regulation.
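The access model described above (Peter, Barbara, Paul and the marketing specialist each seeing only the fields their task requires, with rights granted and withdrawn in real time) is shown below as an added example in Python. It is not code from the original page and not part of Microsoft Dynamics NAV; the field names, role names and the sample record are hypothetical and constructed for illustration. The point it demonstrates is a deny-by-default, field-level permission model: a role is granted an explicit set of fields, a user's view of a record contains only those fields, and a revoked role is reflected in the very next read because nothing is cached.

```python
"""Field-level, role-based access to an accounts-payable record.

Added example (not the page's or the product's own code): a deny-by-default
permission model in which each role is granted an explicit set of record
fields, and a view of a record contains only the fields the user's roles
allow. Field and role names are hypothetical.
"""
from dataclasses import dataclass

# Hypothetical field names of one accounts-payable record.
ALL_FIELDS = frozenset({
    "vendor_name", "vendor_tax_id", "vendor_bank_account",
    "invoice_no", "invoice_amount", "invoice_date", "document_ref",
    "account_history", "customer_email",
})

# Deny-by-default: a role sees exactly the fields listed for it, nothing else.
ROLE_FIELDS = {
    # Enters subcontractor invoices: needs vendor details and the invoice,
    # but not the account history.
    "ap_clerk": frozenset({
        "vendor_name", "vendor_tax_id", "vendor_bank_account",
        "invoice_no", "invoice_amount", "invoice_date",
    }),
    # Authorises the operation: needs the whole record including history.
    "chief_accountant": ALL_FIELDS,
    # Prepares the income/expenditure summary: amounts and documents only.
    "reporting": frozenset({
        "invoice_no", "invoice_amount", "invoice_date", "document_ref",
    }),
    # Sends the newsletter: contact data only, no invoice values.
    "marketing": frozenset({"vendor_name", "customer_email"}),
}


@dataclass(frozen=True)
class User:
    name: str
    roles: frozenset


def allowed_fields(user: User) -> frozenset:
    """Union of the permissions of the user's roles; an unknown role grants nothing."""
    fields = set()
    for role in user.roles:
        fields |= ROLE_FIELDS.get(role, frozenset())
    return frozenset(fields)


def can_see(user: User, field: str) -> bool:
    return field in allowed_fields(user)


def view(user: User, record: dict) -> dict:
    """Copy of `record` holding only the fields the user may see.

    Disallowed fields are omitted rather than blanked or masked, so the
    response does not reveal that they exist or how long their values are.
    """
    allowed = allowed_fields(user)
    return {k: v for k, v in record.items() if k in allowed}


def grant(user: User, role: str) -> User:
    """Return the user with an extra role. Permissions are recomputed on every
    call to view(), so the change takes effect immediately (no cached grants)."""
    return User(user.name, user.roles | {role})


def revoke(user: User, role: str) -> User:
    """Return the user without the role; the next view() reflects the change."""
    return User(user.name, user.roles - {role})


# Constructed sample record and users matching the examples in the text.
RECORD = {
    "vendor_name": "Example Sp. z o.o.",
    "vendor_tax_id": "PL0000000000",
    "vendor_bank_account": "PL00 0000 0000 0000 0000 0000 0000",
    "invoice_no": "FV/2018/05/0001",
    "invoice_amount": 1230.00,
    "invoice_date": "2018-05-10",
    "document_ref": "DOC-0001",
    "account_history": ["FV/2018/04/0009 paid", "FV/2018/03/0012 paid"],
    "customer_email": "contact@example.test",
}
PETER = User("Peter", frozenset({"ap_clerk"}))
BARBARA = User("Barbara", frozenset({"chief_accountant"}))
PAUL = User("Paul", frozenset({"reporting"}))
MARKETING = User("Marketing", frozenset({"marketing"}))

if __name__ == "__main__":
    for u in (PETER, BARBARA, PAUL, MARKETING):
        print(u.name, sorted(view(u, RECORD)))
    # Revoking a role is reflected at once: Peter no longer sees anything.
    print("Peter after revoke:", sorted(view(revoke(PETER, "ap_clerk"), RECORD)))
```

Two design choices matter for the GDPR point. First, an unknown or unlisted role yields an empty view, so a mis-typed role name fails closed instead of exposing the record. Second, permissions are evaluated on every read rather than cached at login, which is what makes "granting and withdrawing access in real time" true in practice; a system that caches grants in a session token will keep showing data until the session expires.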
Security monitoring
The GDPR also provides for an obligation to monitor the security status. The data controller must notify the competent supervisory authority of a personal data breach without undue delay and, where feasible, not later than 72 hours after becoming aware of it (Article 33); the clock therefore runs from discovery, which makes detection the critical step. By implication, the controller should have a tool which, when a breach occurs, will detect it and report it, and which keeps the logs needed to establish what happened and which data were affected.
The security standard is not described in technical detail but, as noted above, as general requirements. These are the basis on which we should look for a tool that assures compliance with the GDPR and avoids penalties. Those are well worth avoiding, as they can reach up to 4% of total worldwide annual turnover or EUR 20 million, whichever is higher (Article 83). Even if those values apply to the largest companies, there is no need to take the risk.
An answer to the GDPR
Microsoft Dynamics NAV is a reasonable answer to GDPR guidelines. The system uses a secure, encrypted connection to the data centre. The platform supporting it may be based on Azure AD, which secures the authentication of the person currently signing in to the system. Access rights of users or groups of users may be freely tailored to current needs and tasks, with access granted and withdrawn in real time.
It is possible to create separate data sets and/or user groups tied to specific purposes, so as to minimise the risk of unauthorised access to information.
It is worth mentioning that the specification of Microsoft Dynamics NAV addresses the accountability principle set out in the Regulation (Article 5(2)): every economic operator must be able to demonstrate, at the request of the supervisory authority, that its procedures comply with the GDPR.
Implementation of the GDPR will be checked in great detail. Examples of points on the check list may be: the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services (Article 32(1)(b)). Microsoft Dynamics NAV addresses these and the other expectations mentioned in the Regulation in its basic specification.
The only further thing to take care of is to design the company's flow of information in detail and, after implementation, to configure it appropriately.
I like your post very much! Keep it up
Thank you, that is very kind