What is GDPR?
The General Data Protection Regulation (GDPR) is a new legal framework that replaces the EU Data Protection Directive and is enforceable beginning on May 25, 2018. The purpose of the GDPR is to further protect the privacy rights of EU individuals by governing how organizations manage and protect personal data pertaining to EU persons, regardless of where the personal data is collected, transferred, stored, or processed.
GDPR has numerous changes from the existing law that affect how EU personal data should be handled and may impact every department across many businesses worldwide. It is expected to affect any organization that processes EU personal data for itself or on behalf of others, as well as suppliers and other third parties that may process EU personal data for organizations.
If you operate a U.S.-based multinational enterprise doing business in the EU, you are likely extremely aware of GDPR. You may also be painfully aware that you are not ready for the impending compliance requirements to protect Personally Identifiable Information (PII).
Your systems and software are important considerations when looking to meet the requirements of GDPR, and should be part of adopting a robust organization-wide approach to GDPR compliance. Examples of personal data include name, email address, phone number, physical address, device identifiers like IP addresses, geolocation information, health information, financial information, age, date of birth, etc. Despite the fact that data — such as an individual’s name or email address — might be available through public searches or other public records, it may be considered personal data that must be protected under the GDPR. GDPR requires organizations to inform individuals of high risk data breaches, in addition to notifying the relevant data protection authorities. Much of what is required to meet the requirements of the GDPR is process related, and organizations should consider the following:
- Identify the personal data you have and where it resides. Implement robust governance on how personal data is accessed and used.
- Establish appropriate security controls to prevent, detect, and respond to data breaches and vulnerabilities.
- Respond to requests from individuals asserting their data protection rights – including requests to provide an individual with a copy of their personal data.
- Maintain documentation of compliance, including records of processing activities and responses to requests from individuals.
- Report any data breaches in a timely fashion, as required by law.
Leveraging Epicor ERP?
Epicor is committed to data security and privacy — for both itself and its customers — around the world. Similar to other existing legal and regulatory requirements, Epicor takes its role as a Data Controller and Data Processor seriously. The latest version of Epicor ERP features expanded international financial applications and a new electronic compliance engine to ease complexity and improve visibility and controls, supporting strong financial operations and reduced risk while lowering the cost of compliance. New functionality localized for specific geographic regions supports compliance and reporting, tax and payment processing, and international trade requirements. These capabilities pave the way for operational expansion into high-growth manufacturing markets.
DocStar ECM
DocStar Enterprise Content Management (ECM), an Epicor solution, is a scalable, strategic cloud-based tool that allows you to manage all of your content securely — from capture to destruction. As today’s escalating regulatory compliance and business growth demand flexibility and scalability, Epicor’s cloud-based DocStar ECM is an example of a compliance-sensitive content management and productivity system that:
- Cuts costs while improving productivity across your organization.
- Empowers and energizes interdepartmental collaboration.
- Improves content visibility to drive faster, smarter decision-making.
- Builds better relationships with customers, vendors, and employees by providing quick answers to questions.
- Eliminates manual document management processes with ERP system integration.
Epicor products and services can contribute to your GDPR compliance when they process personal data. For example, Epicor products and services provide functionality to help meet individual rights requests. Products and services, including Epicor’s hosted solutions, have security measures and access controls. Organizations can incorporate the functionality and procedures in Epicor’s products and services to help them meet their GDPR compliance obligations. Are you leveraging Epicor ERP?
The Epicor experts at CompuData can answer any questions you may have regarding GDPR compliance and Epicor.