Where to process GDPR requests?

Most organisations have complicated architectures with personal data stored in multiple inter-connected systems. A typical organisation nowadays will have the following components in their architecture: an ERP application, a CRM system, one or more company websites, and a B.I. reporting system

An organisation will receive GDPR requests and those requests must be logged and processed. Examples of a GDPR request are: an access report of what information is stored for a particular individual; a request for deleting information for an old employee

Which application is best suited for processing the requests and is most centrally suited for data changes to be replicated to the other applications?  A decision must be made as to where in the architecture the central point for processing GDPR requests will be.  The most logical point for most companies will be the ERP application since it most often holds all Customer data, Sales order history, Vendor history and Purchase Order history.  An ERP system already has established interfaces for updating the other applications should data be deleted or changed as a result of a GDPR request

NAVGDPR offers a solution which takes NAV as the central point for processing GDPR requests. Requests can be managed and processed within NAV.  Data changes which result from GDPR requests (for example deleting a Customers’ name and address), should then flow to peripheral applications.  Alternatively our product comes with interfaces which can be used for exporting the information about GDPR requests from NAV