General Data Protection Regulation (GDPR) in ERPAG

February 28, 2024

Until few years back, GDPR strictly meant Gross Domestic Product of Region. But, since 2016 (in Europe) and 2018 (in California, USA) GDPR abbreviation got a new meaning – General Data Protection Regulation.

The goal of GDPR is to give you more control over how your data is collected and used. The GDPR is introduced because the old laws written before smartphones started collecting massive amounts of sensitive information for companies like Google and Facebook. It gives organizations guidelines on what they can and can’t do with obtained data. And it also makes them give users more clarity over the kind of data being used and how companies will use it.

What kind of data falls under GDPR? Any data that can identify you – name, phone number, username, even IP or location data.

People can ask that their data is deleted or hidden, and that is exactly what ERPAG users can do! Well, not delete but you can hide the sensitive personal data from your operators.

Defining GDPR for Operators in ERPAG

You start off by creating a new User in ERPAG. The user has to be an operator, as Admin has full access. More about User Authorization and setup: https://www.erpag.com/news/user-authorization

Defining GDPR for Operators in ERPAG

Currently you can hide information of Webshop customers, Customers, Suppliers, Contact persons, Employees, Loyalty. There is also the possibility to “Retrieve (show) personal information”.

Webshop customers are separated from regular customers, because regular customers are companies, entities, businesses who’s data is not that private. Their data is often easily accessed by public, as most companies have their locations, emails and phone numbers listed online. It’s different for regular people/users, that are not companies or any legal entities, but they are making purchases online via web shops.

Admin has full access as they need to know Company name, shipping address, contact person and their phone number. But, with GDPR that data is easily hidden from operators (for example shop floor personnel, manufacturing facility, people who are just packing the items, etc.). It prevents your workers from taking the personal information of your customers (such as phone numbers, emails) and misusing them for personal use such as sending spam emails, or job inquiry.

User (Operator) setup

We will show you an example of what an operator sees in ERPAG system, after we turn off Personal Information of Webshop customer, customer, contact person, employee and loyalty. We will leave “Retrieve personal information” in order to show you how that button works! This operator will be able to see the Supplier info.

user authorization setup

Admin’s view

As you can see, as an Admin, I have full customer information visible on my ERPAG account:

customer from admin's point of view

And on the Sales Order screen, I’m able to see the customer information:

sales order list

Operator’s view

If I login as an operator with limited view, I’m still able to see the full supplier list & information (as I’m allowed to see that):

supplier list

However, if I go to the Customer list, I will only see their KEY. The sensitive data, such as email, city, address are completely hidden. The customer name is presented as “Customer – 0002 (key), Customer – 0003”, etc. The full company name is not visible at all. And if I open any customer by clicking on the “key”, I won’t be able to see the sensitive data, according to GDPR.

customer list

If I open a customer, which has a contact person, I won’t be able to see any personal information. Especially email & phone number, as they are considered sensitive data. I won’t be seeing that data even in edit mode!

customer

Same thing if I go to the sales order list, or if I open a sales order. Or even if I try to print/download it:

sales order list
sales order print

What about creating a new Sales Order? Employees list?

Upon creating a new document (sales order) I wont be able to select the customer based on his name. But I will be able to select it based on the KEY. While the rest of the personal information remains hidden:

new sales order

Or even if I try to pack the existing sales order, I won’t be able to see the personal information:

hidden names : GDPR ERPAG

If I email the document, I won’t be able to see the customer’s email. But the email will be delivered to the right address.

And, since I have limited view over Employees list as well, that data will be hidden as well. You get the picture 😉

employee list

Assigning the work operation would be across employee number (key), instead of personal name:

assign work operation

All this data exists in the system, it’s just not visible to operators with limited GDPR access.

Retrieve personal information

If you checked off this option for your operator, you gave him the privilege of viewing the personal information with a click of a button! They just need to confirm it on the pop-up screen:

retrieve personal information
retrieve personal information for customer
visible customer information

This user activity is also logged into the User activities list under the Administration menu:

Note that this works only in the customer view. If I open the sales order, or try to create a new document, the personal information of this customer will remain invisible to me.

Hidden personal data in ERPAG mobile application

ERPAG will successfully hide the personal information in the mobile application as well

mobile application
ship in mobile app

Start NOW

Read More

Related Posts

ERPAG Change Log 04-10-2024

ERPAG Change Log 04-10-2024

We prepared a new set of changes that are already up and running in your databases! Backdating documents - you can now change the document date: https://www.erpag.com/news/change-doc-date You can now undo document actions (such as pack, receive, invoice, record...

read more
Change Document Date

Change Document Date

In ERPAG, the document date change feature allows users to modify the date associated with various documents within the system. These documents can include sales orders, purchase orders, invoices, bills, receipts, and other transactional records. The document date...

read more