IFS, the global enterprise applications company, announced that new functionality has been released for IFS Applications to support General Data Protection Regulation (GDPR) compliance. The enhancements to IFS Applications empower IFS customers with important capabilities that facilitate compliance with the new regulation, which comes into effect on May 25, 2018. A similar update for IFS Field Service Management will be released in Q1 2018.
GDPR compliance is supported by the new functionality that is included in IFS Applications 9 as of update 10 and onward, which is available now. Similar functionality will support IFS Field Service Management 5.7 from update 3 and onward from late Q1 2018.
The new functionality will support compliance with GDPR requirements through all the key processes related to personal data management:
Lawful collection: According to GDPR, personal data is to be collected solely for specific defined purposes and only stored for as long as necessary for such purposes. The new functionality facilitates this by allowing each data subject to be identified and have one or more defined purposes for personal information processing attached to them, including duration, where each can be associated with one or more lawful basis for processing.
Secure storage: Personal data must be entered and stored securely within systems used for its processing and in accordance with the access permissions necessary for the purpose for which it has been collected. Complementing the existing mechanisms for role-based data access, the new functionality facilitates this by providing a set of dedicated mechanisms and windows facilitating management of data subjects, personal information items, purpose of data processing, data removal and anonymisation, and date-controlled consent.
Secure recall/relay: Having the ability to recall and relay the data is an essential component of GDPR compliance. The new functionality facilitates this by introducing a new standard report which can be run for a specific data subject recorded within IFS Applications or IFS Field Service Management, and outputs relevant information including all data held, the purposes for which the data is held with relevant expiration dates and the legal basis to which the data and purposes comply.
Secure maintenance/removal: Three of the key requirements under GDPR are to maintain up to date records, the right of the data subject to be forgotten, and the need for the data controller to retain records for lawful purposes other than consent. The new functionality facilitates this by providing capabilities to support data maintenance processes. It provides the data controller with the possibility to clean up data, remove, or anonymise it (as appropriate), depending on the data subject’s preference or the expiration of the data retention period.
Lawful usage: Holding personal data in the system and being able to recall, report and remove data when required is essential and all of it relies on correct setup, maintenance and usage of personal information which in turn is reliant upon ease of access, visualization of data and the ability to be informed. The new functionality facilitates this by providing a single entry point to access and control the purposes and basis for processing.
“By enhancing IFS Applications and IFS Field Service Management with GDPR compliance support, we offer our customers integrated and intuitive software functionality to facilitate compliance with the new regulations that enter into force in May this year,” said Steve Treagust, Global Industry Director of Finance, HCM and Strategy at IFS. “In addition to supporting GDPR compliance, the new capabilities will also enable companies to improve data management processes to enhance data quality with more relevant data, and reduce the quantity of irrelevant data, resulting in significant cost reductions.”
The EU General Data Protection Regulation (GDPR) replaces the Data Protection Directive 95/46/EC and was designed to harmonise data privacy laws across Europe, to protect and empower all EU citizens data privacy and to reshape the way organisations across the region approach data privacy. The enforcement date is 25 May 2018. You can find more information here.