Odoo is no stranger to the obstacles of adapting to pandemics, moving online, strengthening security, and helping with legal compliance such as the GDPR. Because regardless if you are a big, small or medium entity, the collection and use of personal data of the people you dealt with -being customers, suppliers, employees, agents or others- have to be done legally.
Though Odoo cannot make you compliant, it can help you achieve it, ease your data mapping, reduce data redundancy, implement granular access rights and security controls. Let's dive in!
DATA MAPPING
Establish what type of data your organisation collects, uses, stores, deletes, transfers within and outside the entity; it's not an easy task. But with Odoo, an entity naturally centralises most of its data; thus, by reviewing all your apps, you can straightforwardly assess where your data is and what you are doing with it, which will make everything else easier down the road.
THIRD-PARTY PROVIDERS
An organisation may use data processors as long as they provide sufficient guarantees of their compliance with the Law (Art.28 GDPR). To ensure that efficient tracking is needed, that is possible manually with the help of an excel sheet or, better, with the Odoo Project App. This App gives you a full overview and management of the whole lifecycle with each supplier, e.g., save history, attach contracts, link to their GDPR documents. Super convenient to keep you on top of all your business relationships.
DATA SUBJECT REQUESTS
There is one month to respond to the data subject's requests (Recital 59 GDPR); thus, setting up a process beforehand is a must. With Odoo, you can use the Helpdesk App or the Project App to keep track of all requests and set a workflow on how to handle them. Verification of their legitimacy (ID Checks, conflict with other laws), location of data, respect of Data Subject's rights, and leave proof of compliance will make your Audit easier.
LOCATION OF DATA
With Odoo, this is not a nightmare; you can immediately start from the Odoo Contact Screen and check all the personal data you are holding about someone and satisfy the requests of access, deletion, portability, etc.
DATA SUBJECTS RIGHTS
Requests may vary, but rights do not (Chapter III GDPR). Set up an autoresponder to give all information about how long you will take to answer, their other data protection rights, etc. Also, automatically set up the next activities to avoid mishandling of any request.
Finally, you can enable the portal by using Odoo browser built-in menu and let data subjects make effective use of their rights on self-service mode, e.g., get their data exported.
CONSENT WITH EVIDENCE
Warning: often, consent is not the best legal choice to lawfully process personal data. With the Odoo builder application, you can set up the checkbox for every consent and link it to the appropriate section of your Privacy Policy.
SECURITY AND PRIVACY BY DESIGN
Already built-in on Odoo’s software.
WHAT ELSE CAN YOU DO WITH ODOO?
With the right partner, you can do whatever is needed for your entity to operate competitively, legally and securely. For instance,
- Mark fields that will contain personal data identifiers: Name, SSN, email.
- Global search tool on these fields for handling data subject's requests.
- A policy of deletion/anonymisation.
Odoo cannot make you compliant but can certainly help you to achieve it in various ways. Need to know more, feel free to reach out.
*Disclaimer this post is provided for informational purposes only. Reach out to your legal counsel to determine precisely how EU data protection rules apply to you.