    Dynamics Data Protection - Data Management

    Accounts

    General

    Typically a data processor is another company you use to help you store, analyze, or communicate personal information. For example, if you are a health insurance company and you share information about clients via encrypted email, then that encrypted email service is a data processor. Or if you use a web analytics platform to analyze traffic on your website, the company providing the platform would also be a data processor.

    In the section Data Protection Details you can define whether an account is processing data and whether it processes data outside of the EU. If an account is processing data, you should have an approved Data Processing Contract registered for that account.

    If a data processor is processing data outside of the EU, the fields Country Data Sharing Agreement and Country Data Sharing Agreement Details will be visible and business required.

     

    Data Processor Views

    The following views have been defined for data processors:

    | View | Description |
    | --- | --- |
    | Data Processors | A list of all active data processors. |
    | Data Processors Inside the EU | A list of all active data processors who are processing data inside the EU. |
    | Data Processors Missing Contracts | A list of all active data processors who are not linked to a Data Processing Contract. |
    | Data Processors Outside the EU | A list of all active data processors who are (also) processing data outside the EU. |
    | Data Protection All Accounts | A list of all active accounts (including data processors). |
    | Validate if Accounts are processing data | A list of all active accounts where the flip switch Processing Data has not been set yet. |

    Data Processing Contracts

    General

    Virtually every business relies on third parties to process personal data. Whether it’s an email client, a cloud storage service or website analytics software, you must have a data processing contract with each of these services to achieve Data Protection compliance.

    The EU General Data Protection Regulation takes a more serious approach to contracts than previous EU data regulations did. If your organization is subject to the GDPR, you must have a written data processing contract in place with all your data processors. Yes, a data processing contract is more annoying paperwork but it is also one of the most basic steps of GDPR compliance and necessary to avoid GDPR fines.

    Data Protection compliance requires data controllers to sign a data processing contract with any parties that act as data processors on their behalf.

    A data processing contract is a legally binding contract that states the rights and obligations of each party concerning the protection of personal data.

    | Field | Description |
    | --- | --- |
    | Name | The name of the data processing contract. |
    | Data Policy | This field is used to link the data policy associated with the data processing contract, which specifies what types of data processing activities are allowed. |
    | Data Processor | This field is used to link the account that will be the data processor for the agreed data processing contract. |
    | Data Processing Contract Number | This field is used for storing the data processing contract number. |
    | Master Contract Number | This field is used for storing a master contract number if the data processing contract is part of a master contract. |
    | Primary Contact Signatory | This field is used to link the primary contact who has signed the data processing contract. |
    | Contract Signed Date | This field is used to record the date when the contract was signed. |
    | Contract Expiration Date | This field is used to record the date when the contract will expire. |
    | Approver | This field is used to record the user who has approved the contract. |
    | Approval Date | This field is used to record the date on which the contract has been approved. |
    | Description | This field is used to capture any relevant data processing contract details. |
    | Appointed DPO | The appointed DPO who is responsible for the contract with the data processor. |

    A data processing contract can have the following statuses: Draft, Signed, Approved and Inactive. The statuses from Draft to Approved are set when the Business Process Flow stages are finished one by one.

     

    Data Processing Contracts Views

    The following views have been defined for data processing contracts:

    | View | Description |
    | --- | --- |
    | Approved Data Processing Contracts | A list of all approved data processing contracts. |
    | Draft Data Processing Contracts | A list of all draft data processing contracts. |
    | Expiring Data Processing Contracts | A list of all expiring data processing contracts. |
    | Expiring Data Processing Contracts - Next 2 weeks | A list of all active data processing contracts that will expire in the next 2 weeks. |
    | Expiring Data Processing Contracts - This Year | A list of all active data processing contracts that will expire this year. |
    | Inactive Data Processing Contracts | A list of all inactive data processing contracts. |
    | Signed Date Processing Contracts | A list of all signed data processing contracts. |

    Data Processing Activities

    General

    In order to demonstrate compliance with Data Protection, a controller or processor should maintain records of data processing activities under its responsibility.

    ‘Processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

    | Field | Description |
    | --- | --- |
    | Name | The name of the data processing activity. |
    | Data Processing Activity Start Date | This field is used to record the date on which the data processing activity started. |
    | Years | Number of years which is used to calculate the Life Span in Months. |
    | Months | Number of months which is used to calculate the Life Span in Months. |
    | Life Span in Months | This field is used to indicate how long, in months, the data is supposed to be processed. The field is calculated based on the number of Years and Months. |
    | Data Subject | This field is used to specify which data subject type this data processing activity will apply to. |
    | Data Processing Tool | This field is used to specify which data processing tool is used to process this data processing activity. |

    Data Processing Activities Views

    The following views have been defined for data processing activities:

    | View | Description |
    | --- | --- |
    | Active Data Processing Activities | A list of all active data processing activities. |
    | Data Processing Activities for Customers | A list of all active data processing activities of data subjects of type Customer. |
    | Data Processing Activities for Employees | A list of all active data processing activities of data subjects of type Employee. |
    | Data Processing Activities for Others | A list of all active data processing activities of data subjects of type Other. |
    | Data Processing Activities for Partners | A list of all active data processing activities of data subjects of type Partner. |
    | Data Processing Activities started in the last 6 months | A list of all active data processing activities started in the last 6 months. |
    | Data Processing Activities started last week | A list of all active data processing activities started last week. |
    | Data Processing Activities started last year | A list of all active data processing activities started last year. |
    | Inactive Data Processing Activities | A list of all inactive data processing activities. |

    Data Policies

    General

    A Data Policy is a statement that sets out how your organisation protects personal data. It is a set of principles, rules and guidelines that informs how you will ensure ongoing compliance with data protection laws.

    In the data policy form, some specific settings of the policy need to be defined. It is also possible to see its related data processing activities, data consents and data processing contracts.

    | Field | Description |
    | --- | --- |
    | Name | The name of the data policy. |
    | Years | Number of years which is used to calculate the Life Span in Months. |
    | Months | Number of months which is used to calculate the Life Span in Months. |
    | Data Life Span in Months | This field is used to indicate how long, in months, the data is supposed to be processed. The field is calculated based on the number of Years and Months. |
    | Data Policy Type | This field is used to indicate if the data policy is intended for Data Consents or Data Processing Contracts. |
    | Consent Level | This field is used to specify the consent level of the policy to link up to the contact and lead consent levels. |
    | Consent Level Substatus | This field is used to specify the consent level substatus of the policy to link up to the contact and lead consent levels. |
    | Data Policy Review Date | The date when the policy should be reviewed. |
    | Related Knowledge Article | This field is used to link up to the related Knowledge Base article. |
    | URL | This field is used to capture an external URL that is related to the data policy. |
    | Description | Field to capture the policy details. |

    A data policy can have the following statuses: Draft, Revised, In Review, Approved, Published and Inactive. The statuses from Draft to Published are set when the Business Process Flow stages are finished one by one.

    The tab Settings contains additional fields, of which Consent Expiry Date is an important one. By default the value of this field is set to Business Required, which makes the field Data Life Span in Months mandatory. Data consents created based on data policies where this field is set to Business Required will always have an expiry date. However, when the value of the field is set to Optional, the field Data Life Span in Months becomes invisible and it is possible to create data consents with no expiry date.

    | Field | Description |
    | --- | --- |
    | Approver | The approver of the Data Policy. |
    | Approval Date | The date of approval of the Data Policy. |
    | Consent Expiry Date | Set the field to Business Required if Data Consents must have an expiry date. For Data Consents without an expiry date, the field should be set to Optional. |

    Data Policies Views

    The following views have been defined for data policies:

    | View | Description |
    | --- | --- |
    | Published Data Policies | A list of all published data policies. |
    | Approved Data Policies | A list of all approved data policies. |
    | Data Policies Expiring in 2 Weeks | A list of all active data policies expiring in 2 weeks. |
    | Draft Data Policies | A list of all draft data policies. |
    | In Review Data Policies | A list of all in review data policies. |
    | Inactive Data Policies | A list of all inactive data policies. |
    | Published Data Consent Policies | A list of all published data policies of policy type Data Consent. |
    | Published Data Processing Contract Policies | A list of all published data policies of policy type Data Processing Contract. |
    | Revised Data Policies | A list of all revised data policies. |