Microsoft Dynamics 365 is taking the upcoming enforcement of GDPR rules from the 25th of May 2018 in the European Union seriously. For those who are not familiar with the term I am pasting a short description from this Wikipedia article:
“The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is a regulation by which the European Parliament, the Council of the European Union and the European Commission intend to strengthen and unify data protection for all individuals within the European Union (EU). It also addresses the export of personal data outside the EU. The GDPR aims primarily to give control back to citizens and residents over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU. When the GDPR takes effect, it will replace the data protection directive (officially Directive 95/46/EC)of 1995. The regulation was adopted on 27 April 2016. It becomes enforceable from 25 May 2018 after a two-year transition period and, unlike a directive, it does not require national governments to pass any enabling legislation, and is thus directly binding and applicable.”
Microsoft is not only helping customers achieve compliance within the standard platform but is also providing tools for developers to ensure that any extensions developed upon the platform are GDPR compliant. This proves that “GDPR compliance” is not just a marketing buzz word but an important strategic goal that Microsoft wants to help its customers to achieve.
One example is a new property named General Data Protection Regulation (GDPR) on table fields for the developer to set within the Visual Studio property inspector. It is used to classify the data field for compliance with GDPR and has been available since Platform Update 8.
The available options are:
- Access control data – Data used to manage and access to administrative roles or sensitive functions.
- Customer content – Content directly provided/created by admins and users. This is the default value.
- End User Identifiable Information (EUII) – Data that identifies or could be used to identify the user of a Microsoft service. EUII does not contain Customer content.
- End User Pseudonymous Information (EUPI) – An identifier created by Microsoft tied to the user of a Microsoft service. When EUPI is combined with other information, such as a mapping table, it identifies the end user. EUPI does not contain information uploaded or created by the customer (Customer content or EUII).
- Support data – Data provided to Microsoft as part of Support activities.
- Account data – Customer billing information and payment instrument information. Administrator contact information, such as tenant administrator’s name, address, or phone number.
- Public personal data – Publicly available information that Microsoft obtains from external sources. Public personal data is not Customer content, EUII, or EUPI since the data was not input by the customer.
- Organization Identifiable Information (OII) – Data that can be used to identify a tenant, generally config or usage data. This data is not linkable to a user and does not contain Customer content.
- System metadata – Data generated while running the service, not linkable to a user or tenant.
- Public non-personal data – Publicly available information that Microsoft obtains from external sources. Does not contain Public personal data.