Companies' vendor and customer master data often contains a considerable amount of personal data without anyone noticing. If business partner records that refer to natural persons remain unrecognized, GDPR-compliant processing of that information is impossible. At the same time, the risk of fines and of damage to the company's image increases.
However, manual identification of questionable data records is not easy and requires a high level of personnel resources:
Our AI-based service provides quick and simple help in identifying personal data that is unintentionally hidden in your business partner master data. We analyze your data records and mark all entries found with personal data — and we do that for a fixed price per screening for your entire customer and vendor base.
All data we receive is protected through up-to-date protocols and encryption mechanisms. The entire CDQ Cloud infrastructure is provided on Amazon Web Services (AWS) servers in the European Union (Frankfurt, Germany and Dublin, Ireland) to comply with EU data privacy regulation.
All data uploaded into the CDQ Cloud, as well as analysis results, are stored in individual databases per customer, and users can choose to delete their data. If a user chooses to do so, all data will be deleted, and no data is cached or withheld. Updates that are disclosed for sharing with other community peers are processed and stored separately and do not have any backlink to a user.
Do you still have questions about the protection of your business partner data in the CDQ Cloud? We will be happy to answer your questions in a personal interview - just contact us!
For the GDPR-compliance screening, send us a file with the datasets of the customer master data and vendor master data of your choice. Whether 10,000 or 200,000 data records, we quickly and reliably review your data and find identifiable personal data that is hidden in your business partner master data. On the basis of this analysis, the entries found can then be cleaned up or provided with a special marking in your ERP system.
We enter into a data processing agreement with you and ensure the complete deletion of all data after completion of the project. Your data is stored with us in encrypted form and protected from access by third parties.
According to Article 4 (1) (1) of the General Data Protection Regulation (GDPR), personal data is all information "relating to an identified or identifiable natural person". Even names of partnerships or freelancers can, therefore, be subjected to special due diligence during processing.
Unfortunately, in practice it is often the case that, in the fields for the company name of the customer and vendor data, personal data is stored without being noticed or particularly indicated. This can be due to various reasons:
Many of our customers have stored hundreds or thousands of data records containing personal data in their systems without knowing it. As a result, they have no way to process this data in compliance with the GDPR.
Here, the first important step is to identify potential entries containing data from natural persons. You can include this step among your technical and organizational measures (TOMs) to ensure secure processing in compliance with the General Data Protection Regulation.
In addition, you can also use the GDPR Screening to check if your previous methods are effective.
According to Article 4 (1) (1) of the General Data Protection Regulation, all information "relating to an identified or identifiable natural person" is personal data and is, therefore, subject to the provisions of the GDPR. This also applies to stored first and last names of customers or vendors.
We use new technologies in GDPR Master Data Screening. Your data sets are checked by the CDQ Cloud Engine with the help of artificial intelligence (AI) through a self-learning algorithm ("machine learning"). We've trained the algorithm for a long time and with a variety of data so that it can identify natural persons across multiple countries.
To do this work manually, you would need people with a lot of time and international expertise to identify natural persons in a variety of languages, such as Chinese or Portuguese. Our algorithm provides a 90% correct assignment of natural persons worldwide, meaning that fewer than 10% are later found to be a company.
If personal data is detected in the analyzed data records, these options are available for further use:
When it comes to data of natural persons that you must continue to use in this form in the system, we strongly recommend that you mark them in your ERP accordingly (for example with the "natural person flag"). Depending on the system, there are various ways to store this.
In the SAP environment, this is done, among other things, through the Business Partner Category and the NATPERS or NAPR field (meaning "Business Partner Is a Natural Person Under the Tax Laws"). Companies can only act in compliance with the GDPR if their data records are clearly marked as the data of natural persons.
If it involves data that is incorrectly maintained, e.g., if a contact person is stored in the field for the company name, we recommend that you clean up these entries and delete the personal data from the data field.
If you need assistance with the subsequent data cleansing, simply contact us.
Send us the data as a CSV or Excel file with the names, country codes and identification numbers (for example, tax numbers) of your customer and vendor data. To ensure a secure transfer, we will gladly provide you with a separate upload account.
You will receive the results of the data analysis from us within 5 working days, at the latest; we are often even faster.
Within the EU, personal data has received special protection since the introduction of the General Data Protection Regulation (GDPR) in May 2018. Personal data is information that can be clearly associated with a specific person, such as names, birth dates or other attributes that directly refer to an identifiable natural person. This also applies to your vendor and customer data. Even the address of a customer or vendor can be classified as "personal". Therefore, all data records that do not clearly represent a legal entity should be labeled, separately verified and, in case of doubt, classified as "personal". In a GDPR audit, companies must at least demonstrate that such "technical and organizational measures" (TOMs) are carried out regularly and systematically.
Master data sets that contain sensitive entries such as personal data without anyone noticing cannot be processed in a privacy-compliant manner within the EU. This increases the risk of a high fine and lasting damage to the company image.
CDQ specializes in the AI-based identification of personal data that is unintentionally hidden in business partner master data. Our screening service helps to reliably detect and tag sensitive information, minimizing the potential threat of a GDPR violation. Make your corporate master data GDPR-compliant and contact us now!