Dynamics 365 users who hold or process data on EU citizens must comply with the requirements of the General Data Protection Regulations (GDPR), or risk fines of up to 4% of turnover or €20M ($23M), whichever is the greater.
data8 provenance™ provides a solution, within Dynamics 365, to managing the use of consent as a legal basis for data processing to GDPR standards. It also allows you to keep important business information while still fully complying with the subject's "right to be forgotten".
data8 provenance™ offers the ability to quickly record consent as it is given or withdrawn, and enforces these consents in your use of CRM for marketing to prevent unwanted contact. Consent is stored along with time and date, and specifics of what has been consented to. This allows the building of an audit trail that can be referred to in case of any future disputes.
Record the grounds under GDPR that you are using to process a marketing list (consent, legitimate interest etc.) so all bulk data processing can be justified with appropriate Privacy Impact Assessments.
Ensure your marketing automation users can only see a filtered view of marketing lists, excluding any records that do not have the appropriate consent.
Implement the right to be forgotten without deleting your records. The user can configure which fields are erased and which are to be securely hashed when the right to be forgotten is invoked. A hashed key field such as email address prevents data being accidentally re-imported in the future.
By using data8 duplicare™ with data8 provenance™, if a previously erased individual re-engages with you, you can quickly find and reactivate the previously erased record and re-populated the personal data fields.
When used together data8 provenance™ and data8 duplicare™ will provide a data govenance protocol for data integrity and consent management by reducing the amount of duplicate records with conflicting consent statements. Together they also allow users to manage the health of your data against GDPR by auditing the data and producing GDPR Red Flags based upon any conflicting consent statements. This can be used with the out-of-the-box contact preferences but becomes more powerful when aligned with data8 provenance™ as it allows you to merge and track consent statements. It is also possible to build entity specific rules.