For customers using the Paribus 365™ Search and Detect service, where GDPR compliance is a consideration, this article covers the key questions you may have.
What data does the service have access to?
The data set that we synchronize to our Paribus 365™ Search and Detect service is restricted to the Account, Contact, Lead, and Address entities within Microsoft Dynamics 365 CRM. Within these entities, there is a subset of the attributes. Only Active records are synced across so anything that has been deactivated will not be synchronized by our service. A record that becomes deactivated will be removed automatically.
Clearly, any data that is in these entities should be already in line with whatever your company’s GDPR policies are, in terms of storing name, address, etc., or any particular attribute of an individual.
Is there any other person-related data held like emails, orders, activities, etc?
No, there is no other “transactional” or related data held within Paribus 365™ Search and Detect.
What happens to historical backups/archived data within Paribus 365™ Search and Detect?
There are no backups taken of the data. When a record is added, updated, or deleted these changes are reflected in the synced data within the time period set in your configuration, normally an hour or less.
For example, the GDPR requirements are for a person to request to be “forgotten”, deleting this record in CRM will directly lead to the deletion in the Paribus 365™ Search and Detect service.
Should the data need to be recovered for the service, it is a simple action of running a resync.
How is my data secured?
The service is secured via various methods and technologies. Details of the security applied to the Paribus 365 Search and Detect service are available here.