The General Data Protection Regulation (GDPR), which just came in force, enhances the rights of an individual on the personal data any organisation holds on them. We highlight the main points on how GDPR affects your Sage 50 data.
The General Data Protection Regulation (GDPR), which just came in force, enhances the rights of an individual on the personal data any company or organisation holds on them.
Primarily, individuals have the right to know:
– the reason you hold data on them
– what you use it for
– and most importantly, the right to request that the data be amended or destroyed.
How does all of this relate to your Sage 50 accounting data?
If data held in Sage 50 is personal data, one needs to make sure that he / she is fully aware of the rights granted to such an individual under GDPR. Hence, it is recommended that businesses review their procedure to ensure that they comply with GDPR provisions. In a nutshell, GDPR stresses that:
Individuals have the Right to be informed
It is recommended that a Privacy Statement is drawn up to cover the personal data in Customers / Suppliers in your Sage 50 package.
Right of access to information
An individual has the right to request access to their data. If such a request is made, such information must be sent. Sage 50 has specific reports in the Customers and suppliers module which allow you to issue such information. In the newer versions of Sage 50 (via the update released in May 2018), new reports exist under the GDPR section in the Customer’s module
Right to correction of data
Accuracy of data is key. An individual may request you to correct their data. Such data (name, address and emails among others) can be updated in your Sage 50 customer and supplier records.
Right to delete data and restrict processing
Unless there is a legal reason for keeping such data, should an individual requests that their personal data is deleted, then such a request must be followed through. Individuals also have the right to ask you to stop any further processing of their data
Should Sage 50 disallow you to delete such records (due to previous transactions which cannot for whatever reason be removed) , then the personal data can be anonymised in the customer or supplier record.
Right to data portability
Individuals also have the right to request to be given any data in a structured and machine readable format. In this respect, Sage 50 allows you to export data in multiple formats including CSV, PDF, and Microsoft Excel formats. Such data can then be passed on to your client.
Right to object
Finally, GDPR states that with respect to personal data which is being used for marketing and / or profiling, an individual has the right to object to such processing.