NAV GDPR Tools In Action (@NAV 2018 CU4)
Hi Guys,
I have published several posts on the GDPR, we are currently implementing it from several customers, many people still ask me for information on the subject. I have already talked about what to do for the old versions of NAV (which are no longer under maintenance)
But yesterday … the CU4 of NAV 2018 was released (and the other CUs for NAV 2015. 2016, 2017) which includes the TOOLS useful for GDPR. The technical\application modifications have been introduced since CU3, from the CU4 onwards all the necessary tools will be inserted.
PS: Soon my article relational to the GDPR Topic will be published on NAVUG Magazine (article prepared before the CU4 of NAV 2018, therefore generic)
In this post (as promised yesterday in the post on the publication of the CU4 of NAV 2018) i will explain what has been done in CU 4 and how the GDPR tools work.
NAV 2018 CU4 GDPR Tools
If you set this profile you can access to “Data Privacy” menu
PROFILE -> Administration & Security
DATA CLASSIFICATIONS -> Data Classification Worksheet
From this it is possible to classify sensitive data (as described in the GDPR Whitepaper issued by Microsoft), field by field for standard and other custom tables.
It is also possible to set the sensitivity of the data in a massive way, Microsoft has set a standard (base) classification that must be verified and validated.
EXAMPLE
Set Data Privacy on Customer Table
SETUP DATA CLASSIFICATION (WIZARD)
It is possible to export and import from Excel, importing from Excel is useful if you have made a map of the data required for processing (sensible and personal date types).
WIZARD IN ACTION!
Choose the right option!
SAVE TO EXCEL
DATA PRIVACY UTILITY
With this button you can execute two functions:
Export data of the subject
Creation of a configuration package (yes, Microsoft has decided to use the old package introduced in NAV 2013 to export import data and manage the cancellation of data…)
Example
Creation of a configuration Package for “Employee” table
SENSIBLE DATA DECTIONFILTEREXPORT
Now you can export sensitive data detected in the system using this Wizard, you can filter what you need.
TYPE OF DATA
- Sensitive
- Personal
- Company Confidential
- Normal
- Unclassified
FILTER ON DATA SENSIVITY: “ONLY SENSITIVE DATA” in this case
GENERATE PREVIEW
You can extract data in Preview Mode before exporting it, you can check it before exporting it to Excel
EXPORTING TO EXCEL FUNCTION
After exporting to Excel the system logs what has been done (AUDIT & LOGGING FEATURE)
CREATION OF NEW CONFIGURATION PACKAGE
it is possible to create a new configuration package from this wizard
And.. BINGO!!!
..THIS IS A PACKAGE WITH SENSITIVE DATE
Should I encrypt it? NO, it’s not clear, it’s already in binary code.
DATA PRIVACY ACTIVITY LOG
Each activity is tracked and written in the log (as required by the GDPR)
CHANGE LOG ENTRY
You can activate use the old Change Log Entry to track changes to the data (function existing from the first versions of NAV). Take a look at my old post if you do not use it.
My Post about “Track activities Change” in NAV https://robertostefanettinavblog.com/2015/06/09/nav-2015-tracking-sessions-users-activity-change-log/
NAV GDPR TOOLS IN ACTION – STEP BY STEP – MANUALE IN ITALIANO
Date le numerose richieste pervenute al blog, ho redatto anche un manuale in italiano.
Very professional tools. Also Excel Export Buttons in Pages removed. Only the feature “Copy Rows” in List Pages (for example Customer, Vendor, etc…) still exists … Would be a nice feature to have a Page property or System Permission Flag to handle this request, so that the user is not able to export any secure data with Copy & Paste.
yes, i agree.. i asked for this feature 2 years ago (since NAV 2016) to NAV Team, will be implemented soon ! promised by NAV Team.
Hi Roberto, thanks for the nice blog! Do you have any information that the GDPR functionality will be extended in future builds of NAV ? I am reading about the copy rows property, but there might be more in the pipeline?
Hi Roberto, thank you for this blog. Please note that configuration packages are not encrypted. They are zipped xml. Rename the file to .zip.
thanks Miguel !
Thanks for a detailed blog! It helped me a lot.
I couldn’t apply the data sensitivity filter to all employees. It allows me to select only one at a time. Is there any way for complete selection? The same goes for other Data Subjects.
Hi Roberto ,
Thanks for all the details in the blog. Is there any update for NAV versions 2015 to 2017 as well?
Hello Roberto,
thank you for the detailed blog. One remark: To track changes to the data (including deletion of sensitive data), the standard NAV Change Log is not 100% secure, as:
– Change Log Settings may be changed by NAV users at any time, so the Change Log may not be “always on” for the correct tables and fields
– Change Log Entries may be deleted by anyone that has access to Object Designer and a NAV Developer License
I doubt that this meets legal requirements concerning reporting data changes defined by GDPR (DSGVO in Germany).
Therefore, I highly recommend a tool called “NAVCLARC”.
This basically does the same thing as standard NAV Change Log, but is in a separate object ID range protected by license settings. So not even a developer with SUPER Permissions and Developer License may even look into code.
Data and NAVCLARC Change Log Settings are protected by a three-key Access System:
– Key #1 = for the Customer,
– Key #2 = for the external Data Security Auditor and
– Key #3 = an encrypted digital certificate with limited validity Duration (single day or single session) This certificate is released by the tool’s NAV Partner and forwarded only to the external Auditor.
This NAVCLARC Change Log is “always on” and cannot be shut of or manipulated even if 2 of the 3 parties mentioned above join forces – and the NAV Partner surely will not do so 😉
If you wish to learn more please feel free to contact me: eric.otten@dynamicsexperts.de
Hi Roberto, Trying this functionallity in BC15
When I try it on contacts I have found data here, but my customers I see nothing
In the screen Data Privacy Utility
Data Subject : Customer
Data Subject Identifier: I do not see any data here
which is different when I choose Data Subject: Contact
How come