Logo GDPR ReportKit

The fast, comprehensive data disclosure report compliant with GDPR

Since May 25, 2018, the General Data Protection Regulation (GDPR) has been binding in all EU member states. This European Union regulation governs data protection law – that is, the way that private businesses and public authorities handle personal data – uniformly throughout Europe. It applies to all businesses within the EU and also to companies based outside the EU that have a subsidiary in the EU or that process the personal data of EU citizens.

A particular focus of the GDPR is the strengthening of the rights of affected persons. One of the most important innovations is thus an extended right to disclosure that grants affected persons the right to extensive information about their data. Companies will therefore be obliged in future to disclose on request the personal data they have processed. If the affected person has provided the information themselves, the portability obligation will additionally apply. Companies will then have to provide the data once again in a common electronic format and even transfer it directly to third parties if requested to do so.

The request for information must be responded to without unreasonable delay and at the latest within one month. Any organization that does not comply with the duty of disclosure will be faced with severe penalties. Breaches of data protection law will be punished with significantly higher fines under GDPR than they have been under the Federal Data Protection Act.

This means, then, that from May 2018 you must be in a position to be able to identify and retrieve all personal data stored in your ERP system on an ad-hoc basis. Regardless of whether they are a customer, a supplier, or a current or former employee, any person whose personal data you process may ask you to provide them with a report about that data. And the scale of this challenge should not be underestimated: this data is spread over hundreds of tables in your system.

Automated personal data report from Dynamics AX

To ease your workload here, Sven Mahn IT has developed the SMIT GDPR ReportKit for Microsoft Dynamics AX. The SMIT GDPR ReportKit and the Dynamics Office integration software Atlas automate the querying process as well as the preparation of reports.

The SMIT GDPR ReportKit is a collection of Atlas templates that searches all relevant personal data across the various Dynamics AX tables. Individually by role, all significant tables of the standard Dynamics AX system are searched and the data exported in Microsoft Excel. From this a report is generated in PDF format that you can send directly to the requester. In addition to the data itself, the report indicates the data categories about which you must also provide information under the disclosure obligation.

The SMIT GDPR ReportKit is quick and easy to use. Neither system knowledge nor effort in installation or training are necessary. And if you collect additional personal data in your customized Dynamics AX system in your own tables, the templates can be easily expanded. Only a basic knowledge of Atlas is required. We are happy to help you adapt the templates or to provide additional advice if needed.

The SMIT GDPR ReportKit further offers valuable support to your data privacy officer in meeting the disclosure obligation for personal data. This is because, under GDPR, you are also obliged to provide affected persons with information about your processing of their personal data, such as the source of the data, the purpose of processing, past and future recipients, the duration of storage and deadlines for deletion. The SMIT GDPR ReportKit provides your data privacy officer with a quick overview of all sensitive data collected and thus provides him or her the ideal basis on which this additional information can be compiled.

The SMIT GDPR ReportKit offers you

  • Collection of Atlas templates for Microsoft Dynamics AX 2012
  • Quick, comprehensive personal data report
  • Fulfillment of the disclosure obligation for personal data
  • Fulfillment of the portability obligation
  • Support of the data privacy officer