GDPR features on Dynamics 365 Business Central and NAV 2018 CU 04: overview

With the release of Microsoft Dynamics NAV 2018 CU 04, GDPR support in NAV 2018 takes a step forward. The same features have also become available in Dynamics 365 Business Central in the last few days. I had the pleasure of seeing these features some months ago and providing feedback. In my personal opinion the GDPR support is now quite good, and we can share the details with everyone (and you can share them with your customers too).

First important thing: to see the GDPR tools available in NAV/Dynamics 365 Business Central, you need to sign in with the Administrator of Users, User groups and Permissions role center (you need to associate it with your user in the User Personalization pane) because, as a legal requirement, data privacy features are available only to the administrator of users (Data Protection Officer).

D365BC_GDPR_01.jpg

After logging in with this profile (and only with this one!), you’ll find a Data Privacy activity pane that contains all the GDPR features currently available:

D365BC_GDPR_02.jpg

If you click on Data Privacy, you’ll find these tabs:

D365BC_GDPR_03.jpg

Data Classifications opens a Data Classification worksheet where you can set the data sensitivity of your tables (standard and custom tables). Here you have features for changing the sensitivity of fields in bulk and for filtering according to data sensitivity. NOTE: Microsoft has classified all the fields for you now, but I think you need to carefully check and set up your own classifications:

D365BC_GDPR_04.jpg

Clicking the Set Up Data Classification button starts a wizard (Data Classification Assisted Setup). Here, you can export data classifications to Excel and import data classifications from Excel. This is useful for changing classifications in bulk, especially if you need to give the data to someone outside (for example a privacy expert) who assists you in defining the classification rules of your fields:

D365BC_GDPR_05.jpg

If you now go back and click on Data Subjects, you’ll see the physical entities with sensitive data in your NAV (as classified by Microsoft). From here, you can create a Data Privacy Utility and see the logs for every executed Data Privacy Activity:

D365BC_GDPR_06.jpg

If you click on Data Privacy Utility, a wizard starts. From this wizard, you can perform two GDPR-related actions:

  • Export subject’s data
  • Create a data privacy configuration package

D365BC_GDPR_07.jpg

If you select Export a data subject’s data, you can select a subject and export all of that subject’s sensitive data from the NAV database (you can select the level of sensitivity):

D365BC_GDPR_08.jpg

You can preview the export; after that, it generates an Excel report with the extracted data:

D365BC_GDPR_09.jpg

The generated report will be placed in your role center’s report inbox:

D365BC_GDPR_14.jpg

The Excel file contains a worksheet for every NAV/D365BC entity. On every worksheet you’ll find the related documents that contain the sensitive data.

When the activity is completed, you can see the log in the Data Privacy Activity (under GDPR rules, all activities related to data manipulation must be logged):

D365BC_GDPR_10.jpg

If instead you select Create a data privacy configuration package, a data package for the subject will be created:

D365BC_GDPR_11.jpg

You can then see the created package and edit it:

D365BC_GDPR_12.jpg

This is a RapidStart package with ALL the NAV/D365BC tables that contain sensitive data for the subject you’ve selected:

D365BC_GDPR_13.jpg

P.S. Regarding the deletion of a subject’s data, the product team’s decision was to BLANK the data. From what I’ve understood, you need to create a data export with the subject’s sensitive data and then re-import the data with what you want to “BLANK” deleted. Why BLANK and not masking? Because of table relation problems. My personal opinion is that the masking/deletion can be improved, but for the moment you’re ok.

With these features you’re able to manage the primary GDPR requests that you could receive, and these features make NAV and Dynamics 365 Business Central GDPR compliant.

Things are not finished; expect further improvements in the next CUs.

UPDATE: to answer a question I’ve received: the Data Classification Wizard does not update the DataClassification property on a table’s fields. This property is a first level of classification, done by developers or ISVs. The wizard lets end users define their own classifications (data sensitivity), and this is stored in the Table Metadata and Fields virtual tables.

6 Comments

  1. Thank you for the information, this really helped me!

    When testing the new functionalities added by Microsoft, I managed to get a customer blocked “Privacy Blocked”. By using the “Data Privacy Utility”, do you know how to unblock a “Privacy Blocked” data subject?


    1. There are new “Privacy blocked” fields on Contact, Customer, Vendor, Employee, Salesperson, Resource cards which provide the “similar” functionalities as Blocked.


  2. Hi, thanks for sharing this information with us! Can you please tell me how we can manage the data subject request? That part is still not clear. If we have defined data as personal, then why is it visible and available throughout the system? How does data sensitivity work?
    Thank you in advance!

    regards,
    Jaymesh Shah
