With the release of Microsoft Dynamics NAV 2018 CU 04, GDPR support in NAV 2018 goes to a step forward. The same features were available in the last days also in Dynamics 365 Business Central. I had the pleasure to see that features some months ago and provide feedbacks, in my personal opinion now the GDPR support is quite good and we can share the details with everyone (and you can share them to your customers too).
First important thing: to see the GDPR tools available in NAV/Dynamics 365 Business Central, you need to sign in with the Administrator of Users, User groups and Permissions role center (you need to associate it to your user in the User Personalization pane) because as a legal requirement, data privacy features are available only for administrator of users (Data Protection Officer).
After a login with this profile (and only with this!), you’ll find a Data Privacy activity pane which contains all the GDPR features actually available:
If you click on Data Privacy, you’ll find these tabs:
Data Classifications opens a Data Classificaton worksheet where you can set the data sensitivity of your tables (standard and custom tables). Here you have features for massively change the sensitivity of fields and for filtering accordingly to the data sensitivity. NOTE: Microsoft has classified all the fields for you now, but I think you need to carefully check and setup your own classifications:
By clicking on Set Up Data Classification button, a wizard (Data Classification Assisted Setup) starts. Here, you can export data classifications to Excel and import data classifications from Excel. This is useful for massively change classifications, expecially if you need to give the data to the outside (for example a privacy expert) that assists you on defining the classification rules of your fields:
If you go back and click now on Data Subjects, here you have the physical entities with sensitive data in your NAV (what is classified by Microsoft). From here, you can create a Data Privacy Utility and see the logs for every executed Data Privacy Activities:
If you click on Data Privacy Utility, a wizard starts. From this wizard, you can perform two GDPR-related actions:
- Export subject’s data
- Create a data privacy configuration package
If you select Export a data subject’s data, you can select a subject and export all its sensitive data from the NAV database (you can select the grade of sensitivity):
You can preview the export and after that it generates an Excel report with the extracted data:
The generated report will be placed in your role center’s report inbox:
The Excel file contains a worksheet for every NAV/D365BC entity. On every worksheet you’ll find the relative documents that contains the sensitive data.
When the activity is completed, in the Data Privacy Activity you can see the log (for GDPR rules, all activities related to data manipulation must be logged):
If instead you select Create a data privacy configuration package, a data package for the subject will be created:
You can then see the created package and edit it:
This is a Rapidstart package with ALL the NAV/D365BC tables that contains sensitive data for the subject you’ve selected:
P.S. regarding a subject’s data deletion, the product team decision was to BLANK the data. For what I’ve understood, you need to create a data export with his sensitive data and then re-import the data with the deletion of what you want to “BLANK”. Why BLANK and not masking? For table relations problem. My personal opinion is that the masking/deletion can be improved, but for the moment you’re ok.
With these features you’re able to manage the primary GDPR requests that you could receive and these features makes NAV and Dynamics 365 Business Central GDPR compliant.
Things are not finished, expect improvements also in the next CUs.
UPDATE: to answer a question I’ve received: the Data Classification Wizard does not update the DataClassification property on table’s fields. This property is a first level of classification, done by developers or ISV. The wizard permits to the end user to define their classifications (data sensitivity) and this is stored on Table Metadata and Fields virtual tables.