GDPR Master Data Screening

Identification of personal information in customer master data and vendor master data

In many cases, companies’ vendor or customer master data often unnoticeably contains ample personal data. If business partner data that contains natural persons remains unrecognized, GDPR-compliant processing of that information is impossible. Simultaneously, the risk of possible fines and the possibility of damaging the company image increases.

However, manual identification of questionable data records is not easy and requires a high level of personnel resources:

  • Names containing legal forms are clear indicators of a company. But who knows all abbreviations of all legal forms worldwide?
  • Typical first and last names are clear indicators of natural persons, especially if a legal form is missing. But who knows all typical names from all countries?
  • In some countries, there is a tax number that identifies a natural person by a particular character at a particular spot. But who knows all these rules? And even if so, who has the time to manually check all business partner data?

Our service provides quick and simple help in identifying personal data that is unintentionally hidden in your business partner master data.

GDPR Screening Special until 31 May 2019: We analyze your data records and mark all entries found with personal data—and we do that for a fixed price of EUR 11.850 per screening for your entire customer and vendor base (further details can be found in our FAQs).

Request our GDPR Screening Special now!


We find natural persons in your customer master data or vendor master data - fast and reliable.

Save time and money by identifying personal data with our innovative AI technology.

Replace uncertainty with technical and organizational measures (TOM) in your GDPR audit.

Compact: 

Personal data is the focus of the GDPR

Within the EU, personal data has received special protection since the introduction of the General Data Protection Regulation (GDPR) in May 2018. Personal data is information that can be clearly associated with a specific person, such as names, birth dates or other attributes that directly refer to an identifiable natural person. This also applies to your vendor and customer data. Even the address of a customer or vendor can be classified as "personal". Therefore, all data records that do not clearly represent a legal entity should be labeled, separately verified and, in case of doubt, classified as "personal". In a GDPR audit, companies must at least demonstrate that such "technical and organizational measures" (TOMs) are carried out regularly and systematically.

Master data sets that unnoticeably contain sensitive entries such as personal data cannot be processed in a privacy-compliant manner within the EU. This increases the risk of a high fine and lasting damage to the company image.

CDQ specializes in the identification of personal data that is unintentionally hidden in business partner master data. Our screening service helps to reliably detect and tag sensitive information, minimizing the potential threat of a GDPR violation.

Request our GDPR Screening Special now!

Accordion header: 
FAQ: Frequently Asked Questions & Answers

For the screening, send us a file with the datasets of the customer master data and vendor master data of your choice. Whether 10,000 or 200,000 data records, we quickly and reliably review your data and find identifiable personal data that is hidden in business partner master data. On the basis of this analysis, the entries found can then be cleaned up or provided with a special marking in the ERP system.

According to Article 4 (1) (1) of the General Data Protection Regulation (GDPR), personal data is all information "relating to an identified or identifiable natural person". Even names of partnerships or freelancers can, therefore, be subject to special due diligence during processing.

Unfortunately, in practice it is often the case that, in the fields for the company name of the customer and vendor data, personal data is stored without being noticed or particularly indicated. This can be due to various reasons:

  • Customers and/or vendors work on their own account and thus, appear with their own name (e.g. freelancers, physicians, e.g. "Hans Mustermann SP").
  • Customers and/or vendors are natural persons (especially if you work in the B2C area) and have not been marked as such.
  • The data was not properly maintained and instead of the company name "Mustermann LLC", the name "Company, Hans Mustermann" was stored in the data field. It is also common that the name of the contact person is accidentally stored in the "Company" data field. A typical example of this is "Mustermann Inc. attn: Hans Mustermann".

Many of our customers have stored hundreds or thousands of data records containing personal data in their systems, without knowing it. And thus, they have no chance to process this data in compliance with the GDPR.

Here, the first important step is to identify potential entries containing data from natural persons. You can include this step as a safeguard taken for TOM (technical and organizational measures) in order to ensure secure processing in compliance with the General Data Protection Regulation.

In addition, you can also use the GDPR Screening to check if your previous methods are effective.

According to Article 4 (1) (1) of the General Data Protection Regulation, all information "relating to an identified or identifiable natural person" is personal data and is, therefore, subject to the provisions of the GDPR. This also applies to stored first and last names of customers or vendors.

GDPR Screening Special: Send us a file once with as many datasets as you want—regardless whether it contains 50,000 or 200,000 datasets. We analyze your data for a fixed price of EUR 11.850. The offer is valid until 31 May 2019.

We use new technologies in GDPR Master Data Screening. Your data sets are checked by the CDQ Cloud Engine with the help of artificial intelligence through a self-learning algorithm ("machine learning"). We've trained the algorithm for a long time and with a variety of data so that it can identify natural persons across multiple countries.

To manually represent this work, you will need people with a lot of time and international expertise to identify natural people in a variety of languages, such as Chinese or Portuguese. Our algorithm provides a 90% correct assignment of natural persons worldwide, meaning that less than 10% are later found to be a company. Try it yourself, contact us now!

Request our GDPR Screening Special now!

If personal data is detected in the analyzed data records, these options are available for further use:

  1. When it comes to data of natural persons that you must continue to use in this form in the system, we strongly recommend that you mark them in your ERP accordingly (for example with the "natural person flag"). Depending on the system, there are various ways to store this.

    In the SAP environment, this is done i.a. through the Business Partner Category. The NATPERS or NAPR field (meaning Business Partner Is a Natural Person Under the Tax Laws). It is only possible for companies to act in compliance with the GDPR if your data records are clearly marked as the data of natural persons.

  2. If it involves data that is incorrectly maintained, e.g., if a contact person is stored in the field for the company name, we recommend that you clean up these entries and delete the personal data from the data field.

    If you need assistance with the subsequent data cleansing, simply contact us (contact).

Here you will find current research results on GDPR for Data Managers (in English).

Send us the data as a CSV or Excel file with the names, country codes and identification numbers (for example, tax numbers) of your customer and vendor data. To ensure a secure transfer, we will gladly provide you with a separate upload account.

You will receive the results of the data analysis from us within 5 working days, at the latest; we are often even faster.

We enter into a contract with you for "data processing agreements" and ensure the complete deletion of all data after completion of the project. Your data is stored with us under encryption and protected from access by third parties.

Are you interested in our GDPR Master Data Screening?

Contact_text: 

You would like to use our GDPR Screening Service but still have questions? Just contact us!

Get in touch with us!
info@cdq.ch
+41(0)765831507
Go to top