Introduction
According to a study carried out by SAP Hybris the most frequent reason why consumers turn away from brands is the use of consumer data without consent. As many as 80% respondents indicated this as the key reason. What this means is that companies need to pay more attention to how data are handled. If you’re using Microsoft Dynamics AX/365, consider our Data Protection Suite to make sure the data are handled with due diligence.
Too sensitive for disclosure!
If you don’t need to show personal and sensitive data to anyone – don’t do it! Sounds simple, but what does sensitive exactly mean? This is data or a set of data that may lead to unambiguous identification and may in turn, be disclosed, willingly or not, to people who are not supposed to have such access. Sensitive data include:
- names and surnames
- addresses
- VAT numbers
- telephone numbers
- national ID numbers
- bank account numbers
- email addresses
- employment commencement dates
- employment termination dates
- dates of birth
- supplier names
- distributor names etc.
Anonymizing entire databases
Database anonymization means that a copy of an entire database is created and is then dumped on another environment. In other words, bulk anonymization and pseudonymization on non-production environments are performed for business, test, and development purposes. Throughout the lifecycle of the MS Dynamics AX/365 FSCM application, your organization’s IT team need to copy entire databases to be used by developers, testers, and business users. This means real production data must be involved. However, test engineers are more interested in the internal processes and dependencies rather than real data values, so dummy data are enough in most cases.
The same goes for developers. And business users such as the chief accountant may wish to perform a risky business operation on a test or reference environment rather than on production. In such a case, you want to make double sure the operation is safe before going live with real data. Another scenario is when you want to filter out some transactions for the testing team or the total sales volume of the largest distributors for the development team. Even though you’re not legally obliged to this, this may be a wise decision for business reasons – you’re making sure that the wrong person does not see it.
Protecting Bulk Data
Anonymization means overwriting real values with a character string in validated format and is irreversible. Since anonymization is irreversible, what if you need to retrieve the data at some point? You can also pseudonymize your data, which is reversible. This is useful when original data need to be stored hidden as they may need to have restricted access to them later. With the Data Protection Suite from XPLUS this laborious task is simpler and efficient and blends in with the MS Dynamics AX/365FSCM application.
The legal and business requirements and challenges
Before you sit down to work, you need to consider the legal side of the coin. Basically, you need to consider the legislature, which may be more than GDPR and PII, and see where you stand. Perhaps there are also some local regulations that need to be observed. So, in other words, you need to translate legal requirements into your ERP app features. You also need to make sure that the process is end-to-end and meets all business requirements. The quality and accuracy of the encrypted data is the number one requirement, so no random hashing may take place, data need to be anonymized or pseudonymized in a consistent fashion and in a validated format. Bear in mind that when requirements are changing, both business and legal ones, you need to keep abreast of them and continue encrypting – anonymizing or pseudonymizing the data – meeting these ever-changing requirements.
The solution
Clearly, data handling has become an important issue. It is a point where your business can go two ways. It is easy to lose customers because of data mishandling, insufficient protection by failing to adhere to legal norms such as GDPR and other local regulations or simply good business practices. And then again, you can use extremely efficient tools from the Data Protection Suite, which facilitate database and personal data anonymization and pseudonymization.
Check also our e-book: Automatic Data Base Personal Data Protection
