Solution Properties
Solution ID:
200603061758141
Last Modified Date:
Tue Jan 24 11:04:27 UTC 2023
Taxonomy Path:
Case category//How do I...//governmental/legislative compliance
Author:
[email protected]
GDPR – Individual rights and Sage 200
Description

The holding of personal data in Sage 200 Professional / Standard is for the purpose of fulfilling a contract. However, if you’ve entered any personal data, you need to make sure you’re aware of an individual’s rights.

NOTE: The GDPR Report and other reports relating to GDPR, are only available within Sage 200 Spring Enhancements and above. The ability to amend data can still be done in older versions of the program



Cause
Resolution
Right to be informed

You must tell people what you're doing with their personal data, this includes any personal data you hold in Sage 200 Professional / Standard. Your company would normally need a privacy policy to cover this. You can find out more about what type of information you need to inform individuals about from the ICO website.

Rights of access

Individuals have a right to access their personal data, so they are aware of what data you hold and what you're holding it for. They have a right to:

  • Confirmation that their data is being processed
  • Access to their personal data
  • Other supplementary information

If an individual sends you a subject access request, you must send them the relevant information. Read more >

Right to rectification

You must make sure that the personal data you hold for individuals is accurate and kept up to date. If an individual asks you to correct their data, you must update this in your software. You must respond to the individual within one month, or two months if the request is complex.

If a data subject request is received, you need to check and update any data you hold for them within the software. You can run the GDPR Contact Check Report which is located within the Accounting System Manager in Sage 200 Professional or within the Settings within Sage 200 Standard. This searches within the software for the name of the person making the request by checking the contact names. You can then follow the steps below to amend the contact. As mentioned above, this report is only available within Sage 200 Spring Enhancement and above.

Right to erasure (right to be forgotten)

Unless there's another legal reason for keeping personal data, you must delete or remove the data at the request of the individual. In Sage 200 Professional / Standard, you can overwrite the information in the relevant records to anonymise it, for example, change the contact name to XXX.

In this example, a contact is amended within a customer record.

Run the GDPR Contact Check Report from the Accounting System Manager then click General Data Protection Regulation to see if a record contains the name you want to remove. In this case, the data subject's name has been found as a contact on a customers record.

Click Amend Account and click the Contacts tab. Then find the person you want to amend.


Delete the name and enter XXX instead.

You would also amend any other personal data, for example the email address and do the same.

If you use any non-standard fields for data for example a sales person name within an analysis field, you need to consider this when any data subject requests are made.

You can find out more about when this right applies and other conditions from the ICO website.

Right to restrict processing

Individuals have a right to block or suppress processing of their personal data. If they request this, you can still store their personal data, but you can't process it further. You can keep just enough information about them to make sure the restriction is respected in future. Read more >

If necessary, you can amend information within a record to anonymise it or remove the non-relevant information.

Right to data portability

If you hold personal data for an individual, they have a right to request that the personal data is returned to them in a machine-readable format, for example, an Excel or CSV file, rather than a Word or PDF document. Read more >

Right to object

Individuals have a right to object to you processing their personal data. This is mainly aimed at using their data for direct marketing, including profiling, however there are other legitimate reasons for objecting. Read more >

If necessary, you can amend information within a client’s record to anonymise or remove the non-relevant information.by following the steps above.

Right not to be subject to automated decision making, including profiling

Individuals have a right to object to being subject to a decision based solely on automated processing, including profiling. If you use an automated decision-making system, it should allow for a human intervention. Read more >


Sage Legal Disclaimer

The information contained in this guide is for general guidance purposes only. It should not be taken for, nor is it intended as, legal advice. We would like to stress that there is no substitute for customers making their own detailed investigations or seeking their own legal advice if they are unsure about the implications of the GDPR on their businesses.

While we have made every effort to ensure that the information provided on this website is correct and up to date, Sage makes no promises as to completeness or accuracy and the information is delivered on an “as is” basis without any warranties, express or implied. Sage will not accept any liability for errors or omissions and will not be liable for any damage (including, without limitation, damage for loss of business or loss of profits) arising in contract, tort or otherwise from the use of or reliance on this information or from any action or decisions taken as a result of using this information.

Steps to duplicate
Related Solutions