The European General Data Protection Regulation has been in force for some time now, more precisely since 25. May 2018. Despite high fines for non-compliance, only ¼ of companies in Germany seem to have fully implemented the GDPR so far. This was uncovered by a representative survey conducted by the digital association Bitkom Especially, the conversion of the extensive information and documentation obligations are time-consuming and thus costly for many companies. If you already use Microsoft Dynamics 365 Online, you can be assured that your CRM is already GDPR compliant. Let's take a closer look at what Microsoft is doing to adhere the strict data protection guidelines!

GDPR dynamics 365

Data Storage in Microsoft Dynamics 365

In the Microsoft data centers, the data is encrypted according to a high standard. For data at rest, the TDE (Transparent Data Encryption) technology is used, which was developed in cooperation with IBM and Oracle. This technology fully encrypts the data in the main memory and in the backup memory. But even on the way from the application and back, the data is always encrypted in order to keep a potential loss of data as low as possible. This is where the hybrid TLS (Transport Layer Security) encryption protocol comes in. Microsoft protects the Dynamics 365 Online Server against DDoS (Distributed-Denial-of-Service) attacks and carries out regular stress tests.

The Microsoft Compliance Manager

Microsoft has released the Compliance Manager as a tool to support the management of cloud-based Microsoft products such as Dynamics 365. With this tool, you can analyze the GDPR compliance of your entire Microsoft cloud-based infrastructure and assign tasks to others to meet these requirements. Microsoft Dynamics 365 online users will quickly notice that implementing the guidelines is a lot easier compared to the On-Premise version. The tool helps to prove GDPR conformity in the event of an audit. More information about the Compliance Manager can be found on the official Microsoft website.

Compliance Manager

Audit History in Microsoft Dynamics 365

With Dynamics 365 it is possible to activate an audit history for entities with sensitive data to guarantee a complete verification of all data. Data record-based creation, update and deletion processes can be monitored. In addition, it is possible to document which users had access to certain data and when they were created, deleted or which security permissions they had. The audit process can be very helpful in achieving GDPR compliance.

Audit Dynamics 365

Security Roles in Microsoft Dynamics 365

In Dynamics 365, you have the ability to restrict who has access to what kind of data. You can assign security roles to teams, business units, and individual users to easily define and control which records Dynamics 365 users can read, update, and delete. But not only at the entity level you have the possibility to make restrictions, individual fields can also be restricted in their visibility and modifiability. You can also quickly and easily view the permissions of individual users to check which entities they have access to.

Security Roles Dynamics 365

Double Opt-In Process with ClickDimensions

Using the marketing automation tool ClickDimensions, you can easily map the double opt-in process within the CRM. Thanks to the web forms (registration forms that can be placed on the website via an iFrame), e-mail templates and automated contact or lead creation, you have all the necessary features to make the newsletter registration GDPR compliant. The proof of documentation is always guaranteed with ClickDimensions. Although the tool must be purchased additionally, ClickDimensions is the first choice for companies who want to take their marketing activities into their own hands!

Avoiding High Fines

Obviously, just because you start using Microsoft Dynamics 365 in your company, it doesn’t mean that your entire organization is GDPR compliant. The system and additional tools must be adapted to your needs and requirements. However, Microsoft Dynamics 365 offers you a good basis with which you can achieve GDPR conformity faster than companies without the online solution from Microsoft.