The Oakley ERP Blog

How ERP can help your business become GDPR compliant in 2018
Thursday January 18, 2018

If you exchange in client data of any kind you may already be aware of the impending GDPR (General Data Protection Regulation) that comes into effect later this year.

If not, this blog will explain a little about what to expect of this change in data regulation and how important having an ERP Solution is in helping your business become fully compliant before the May 25th deadline.

The new regulation is a chance for you and your business to put into place steps to ensure clients and customer data is protected and that they have given full consent to being contacted by you in future communications.

GDPR is the biggest ever shake-up in how we collect and store the personal details of others in over 20 years.

So how can ERP systems such as Sage 200 and Sage 300 help centralise and regulate data held within your business?

Managing data security

The upcoming GDPR is not just an IT or software issue; it’s a wider legal responsibility that will affect everyone who collects and uses the personal data of others. GDPR may be the first time that businesses have had to think and evaluate the way in which their data is processed, and the truth is there is no single piece of software or system that can manage this kind of compliance fully on its own. However, an ERP Solution is ideal for tackling the upcoming GDPR, integrating your business systems and processes and encouraging a full circle of data sharing and availability.

Details of where data has come from, how long it will be held for and how it has been or will be shared, are just some of the questions you must answer, and evidence should you be challenged. Relying on multiple systems to cross-check this type of information raises the risk of data breaches.

Reducing the number of systems that have control and overviews of your data, greatly increases your GDPR compliance.

“The right to be forgotten.”

A pivotal aspect of the new GDPR regulation is consent. Does the recipient of your communications consent to being contacted by your organisation? After May 25th, if you do not obtain explicit consent, you will be breaking the law. The right to be forgotten comes into play when individuals contact an organisation and request personal data associated with their account be deleted entirely. Tick boxes to agree or disagree will no longer be allowed. Instead, communications must stipulate in full English how someone’s data will be used. Furthermore, the business must be able to demonstrate, when challenged, how and when a contact gave full consent.

ERP systems work by providing a central point for customer data. Contact records, history, email correspondence and additional notes provide the audit trail required to evidence consent for compliance.

An opportunity, not a hinderance

Panic is sure to have ensued when the GDPR was first announced, with many wondering how they will tackle their data before the deadline. However, when the dust settled many realised the great opportunity the regulation provides in re-evaluating their business strategies.

Take the GDPR as a chance to push forward as a fully customer-centric business that champions transparency and demonstrates the value of customer privacy.

An effective ERP solution will be the first step in providing a single view of truth when it comes to your customer data and how you use it.

If you’d like to know more about how an ERP system can help you become fully compliant before the GDPR comes in effect this May, then contact one of our consultants on +44 (0)1268 724005.


Written by at 09:09