With GDPR looming ever closer, IFS has announced the release of update 10 for IFS Applications 9. This release includes functionality for companies that will need to ensure they are able to manage the changes that GDPR will bring in on May 25, 2018. A further update for IFS Field Service Management is due for release later this quarter.
IFS has embedded several features into the software to help companies identify, track and remove personal data from its systems. IFS has identified a five-step model that its software now adheres to. This is explained further in a blog by Steve Treagust, Global Industry Director for Finance, HCM & Strategy.
The release includes functionality that maps against this model, but the press release omits the detail of which data sets within IFS it covers. The assumption is that IFS has mapped these features against any piece of personal data within the system, but that is hard to confirm. They have, however, gone further than many other vendors with this announcement.
Features mapping to the five steps
Lawful collection: Against any piece of PII (personally identifiable information), the application allows users to define the purpose of the data collected and assign it a duration of validity. This is important as data often only needs to be kept for a short period of time.
Secure storage: Rather than determine this as encrypted data, IFS comments that the improvements include: “a set of dedicated mechanisms and windows facilitating management of data subjects, personal information items, purpose of data processing, data removal and anonymization, and date-controlled consent.”
Secure recall/relay: Sensibly, this is a standard report. It enables a user to extract the data held on the systems pertaining to specific information. It includes information about what is held, why it is held, how long it will be held for and the legal reasons for holding it.
Secure maintenance/removal: IFS has also included the ability for a user to have their data removed and/or anonymized. This is important not just for legal reasons: anonymizing data is critical for companies that need to retain some records of product information for later analysis. There is obviously a question about how the data is anonymized. However, the release does not go into any further detail.
Lawful usage: IFS has also limited the GDPR functionality to a single entry point. This means that while PII data is collected by users, the extraction of the data is controlled and accessed securely. This is an important point. It means that the data, its reporting and its removal are only accessible through a secure user access point.
Is anything missing?
IFS appears to have introduced a comprehensive set of functionality to support GDPR with this release. There are two points worth raising, though. First, without access to the release notes or a view of the software, it is difficult to know how comprehensive the data mapping exercise has been. There is no mention of employee data, for example, within either the release or the blog. Employees as well as customers have the right to be forgotten.
Secondly, there is no mention of how easy it is for companies to go through their existing data and map the relevant information. Going forward, it should be possible to automatically assign expiry dates to information. There is no advice given about what to do about existing/historical data. There is still time, though, and IFS might be preparing guidelines and tools to assist companies in meeting the regulations.
What does this mean?
This is the kind of functionality that many ERP and HCM companies should have added already. Customers should be asking whether they have the changes in place. For companies on older on-premises versions, this may be a challenge though. There are now only three months to go. IFS customers at least have the option of upgrading their software to mitigate the substantial risk GDPR introduces.
Treagust commented: “By enhancing IFS Applications and IFS Field Service Management with GDPR compliance support, we offer our customers integrated and intuitive software functionality to facilitate compliance with the new regulations that enter into force in May this year. In addition to supporting GDPR compliance, the new capabilities will also enable companies to improve data management processes to enhance data quality with more relevant data, and reduce the quantity of irrelevant data, resulting in significant cost reductions.”