The General Data Protection Regulation [1] (GDPR) was introduced by the EU and has applied since 25th May 2018 to protect the citizens of its
member states from personal data misuse by requiring all handling of Personally Identifiable Information [2] (PII) to be
done on a permitted legal basis. For NetSuite customers, the legal basis would typically cover the processing of transactions, employee
information and the handling of sales leads, amongst others. As all processing of EU personal data is covered by GDPR, NetSuite
customers need to be cognizant of their responsibilities regardless of where they are based. Stiff penalties can be invoked, up
to €20 Million or 4% of annual worldwide turnover, whichever is higher, and because GDPR applies to organisations established outside the EU that process EU residents' data, these can be enforced against companies in non-EU countries such as the US.
Central to GDPR are the rights of individuals [4], which must be adhered to unless there is a legal basis for not doing so:
The Right to be Informed : The collection and processing of personal data must be transparent.
The Right of Access : Subject Access Requests must provide the individual with a copy of all relevant information.
The Right to Data Portability : Upon request, data relating to an individual must be supplied in a machine-readable format
for use in other environments.
The Right to Object : Objections to processing of personal data must be observed and any use must cease.
Rights in Relation to Automated Decision Making and Profiling : Any process where automated decisions are used must be stopped or reverted to manual processes upon request.
Although the word ‘must’ is used a lot in the list above, there are several restrictions on when companies must comply. Most
commonly, a request need not be honoured if there is a legal basis for not respecting it; as mentioned previously, with NetSuite this would be
the processing of transactions. Very few parts of GDPR are absolute (the right to stop direct marketing being a notable exception) and each
scenario must be considered on its own merits. This is the reason that NetSuite customers must seek specialist advice for their
own compliance. Any company that applied GDPR without regard to its own processes would have difficulty
performing many common functions.
Should you need further information regarding NetSuite’s GDPR stance, please contact the Technology Center of Excellence
team. NetSuite GDPR collateral [5] is available upon request.
ADDITIONAL REFERENCES
[1] Regulation (EU) 2016/679
[2] What is personal data?
[3] What is a data controller or a data processor?
[4] Individual Rights
[5] GDPR for Oracle Applications
www.netsuite.com