Data Classification in Microsoft Dynamics 365 Business Central

The General Data Protection Regulation (GDPR) was adopted in the EU in 2016, replacing an outdated Data Protection Directive that was adopted back in 1995. The law requires organizations to safeguard data within systems and if organizations are found to be out of compliance there is the potential for some fines. GDPR compliance is not optional so it's no question why Microsoft has included the ability to setup Data Classifications within Dynamics 365 Business Central. 

There are many great resources on the internet for organizations to review information about GDPR but one of the best that I could find was gdpr.eu

Lets get into how to classify information within Business Central now. 

Data Classification Assisted Setup Guide

If you are conducting business within the EU the system is going to know that based on the information in the master records. I received the message below in my environment letting me know that I had records associated with EU. The message read: It looks like you are either doing business in the EU or you have EU vendors, customers, contacts, resources or employees. Have you classified your data? We can help you do that. 


I decided to click on the 'Open Data Classification Guide' to proceed with setting up Data Classification for my tenant. 

I found the Data Classification Assisted Setup Guide to be easy to use. Microsoft included some information around why data classification is important but never uses the term General Data Protection Regulation (GDPR) and even makes sure to have a legal disclaimer that they are not responsible to classify the data appropriately. 


While continuing through the Assisted Setup you have the option to export the classification data to Excel, which is a nice option if you need to share with others in the organization upon review prior to importing into the system. You can also classify the data manually. I chose to export to Excel so I could see what that process looked like. 




Once I proceeded forward in the Assisted Setup the Data Classification Worksheet opened up. This format matched the Excel export as well; however the Excel export didn't include a drop down for the Data Sensitivity field. So if you're going to go that route make sure that things are spelled correctly otherwise when you import back into the system it won't work. Within the Data Classification Worksheet Microsoft is again reminding you that this tool is for "convenience only" and that they are not responsible for any data classified or not classified.

Within the Data Sensitivity field there are five options to select from: 
  • Unclassified
  • Sensitive: Information about a data subject's racial or ethnic origin, political opinions, religious beliefs, involvement with trade unions, physical or mental health, sexuality, or details about criminal offenses.
  • Personal: Information that can be used to identify a data subject, either directly or in combination with other data or information.
  • Company Confidential: Business data that you use for accounting or other business purposes, and do not want to expose to other entities. For example, this might include ledger entries.
  • Normal:  General data that does not belong to any other categories.


Conclusion

Once you have updated the necessary Data Sensitivity fields for the table-field combinations you are done. I would however highly recommend reviewing the Data Classification Worksheet every so often for any changes that need to be made. I would also suggest on setting up Field Monitoring for the Data Sensitivity field within this window incase someone makes some changes that they shouldn't. 

Written by: Kristen Hosman, Microsoft MVP

Comments

Popular posts from this blog

How to use MICR fonts in Dynamics 365 Business Central AND modify the check layout

Voiding a check in Dynamics 365 Business Central

Configuring Microsoft Dynamics 365 Business Central: Electronic Payments (blog series)