Data Classification
Data classification is the process of organizing and categorizing personal data within your Business Central environment according to GDPR requirements and your organizational structure.
Overview
The classification process involves:
- Identifying personal data across all tables and fields
- Categorizing data according to purpose and sensitivity
- Documenting the rationale for each classification decision
- Maintaining classifications as business processes evolve
Classification Workflow
Step 1: Access GDPR Register
- Open Register List
  - Use Tell Me (Alt+Q) and search for "GDPR Register"
  - Open GDPR Register List page
  - This shows all discovered personal data elements
- Understand the View
  - Hierarchical Structure: Elements are organized in a tree structure
  - Indentation: Shows parent-child relationships
  - Types: Department, Functional Area, and data elements
Step 2: Review Auto-Discovered Elements
Initial State
After initialization, all elements are assigned to the "General" category:
```
General
├── Customer (Table 18)
│   ├── Name (Field 2)
│   ├── Address (Field 5)
│   └── E-Mail (Field 102)
├── Employee (Table 5200)
│   ├── First Name (Field 6)
│   ├── Last Name (Field 8)
│   └── Phone No. (Field 9)
└── Vendor (Table 23)
    ├── Name (Field 2)
    └── Contact (Field 5)
```
Element Information
For each element, review:
- Table No./Caption: Which Business Central table
- Field No./Caption: Which field within the table
- Type: Data element, Department, or Functional Area
- Current Assignment: Which category it's currently in
Step 3: Create Organizational Structure
Create Departments
- Navigate to Register List
- Click New to add a new element
- Configure Department:
  - Type: Department
  - Description: Department name (e.g., "Sales Department")
  - Level: 1 (for departments)
  - Parent Entry No.: Leave blank (top-level)
Create Functional Areas
- Add Functional Area:
  - Type: Functional Area
  - Description: Business function (e.g., "Customer Management")
  - Level: 2 (for functional areas)
  - Parent Entry No.: Select parent department
Example Structure Creation
```
Sales Department (New Department)
├── Customer Management (New Functional Area)
├── Contact Management (New Functional Area)
└── Marketing Activities (New Functional Area)
HR Department (New Department)
├── Employee Records (New Functional Area)
├── Payroll Processing (New Functional Area)
└── Performance Management (New Functional Area)
```
Step 4: Classify Data Elements
Moving Elements
- Select Data Element: Click on a table/field element
- Open Card Page: Double-click or use Edit action
- Change Assignment:
  - Parent Entry No.: Select appropriate functional area
  - Description: Update if needed for clarity
- Save Changes: Close the card page
Classification Decisions
Consider these factors when classifying:
Business Purpose
- Why is this data collected?
- Which department is responsible?
- What business process uses it?
Data Sensitivity
- How sensitive is this information?
- What are the risks if compromised?
- What retention requirements apply?
Processing Activity
- Who accesses this data?
- How is it used in business processes?
- Is it shared with external parties?
Step 5: Assign Data Categories
Create Categories
- Open GDPR Data Category List
- Create New Categories:
```
Code: CUS-ID
Description: Customer Identification Data
Legal Basis: Contract Performance
Retention: 7 years after last transaction

Code: EMP-BASIC
Description: Employee Basic Information
Legal Basis: Employment Contract
Retention: 7 years after employment end
```
Link Elements to Categories
- From Register Card Page
- Set Data Category: Select appropriate category from dropdown
- Document Rationale: Add notes explaining the assignment
Classification Examples
Customer Data Classification
```
Sales Department
└── Customer Management
    ├── Customer Identification
    │   ├── Customer.Name (Category: CUS-ID)
    │   ├── Customer."Name 2" (Category: CUS-ID)
    │   └── Customer."Search Name" (Category: CUS-ID)
    ├── Customer Contact Information
    │   ├── Customer.Address (Category: CUS-CONTACT)
    │   ├── Customer."E-Mail" (Category: CUS-CONTACT)
    │   └── Customer."Phone No." (Category: CUS-CONTACT)
    └── Customer Financial Data
        ├── Customer."Credit Limit (LCY)" (Category: CUS-FIN)
        └── Customer."Payment Terms Code" (Category: CUS-FIN)
```
Employee Data Classification
```
HR Department
├── Employee Records
│   ├── Employee Identification
│   │   ├── Employee."First Name" (Category: EMP-ID)
│   │   ├── Employee."Last Name" (Category: EMP-ID)
│   │   └── Employee."Social Security No." (Category: EMP-SENSITIVE)
│   └── Employee Contact
│       ├── Employee.Address (Category: EMP-CONTACT)
│       └── Employee."Phone No." (Category: EMP-CONTACT)
└── Payroll Processing
    └── Employee Financial
        ├── Employee."Bank Account No." (Category: EMP-BANK)
        └── Employee."Salary" (Category: EMP-SALARY)
```
Best Practices
Classification Strategy
Start with Major Categories
- Identify Key Data Subjects: Customers, employees, vendors, contacts
- Map to Departments: Align with organizational structure
- Define Business Processes: Create functional areas for each major process
- Classify Gradually: Don't try to classify everything at once
Involve Stakeholders
- Business Process Owners: Include department managers in classification decisions
- Data Protection Officer: Ensure classifications align with GDPR requirements
- IT/Security Team: Consider technical constraints and security implications
- Legal Team: Validate legal basis and retention requirements
Documentation Standards
Naming Conventions
- Departments: Use official organizational names
- Functional Areas: Describe the business process, not the system
- Categories: Use consistent coding schemes (DEPT-TYPE format)
Decision Documentation
For each classification decision, document:
- Business Justification: Why this classification was chosen
- Legal Basis: GDPR article 6 legal basis
- Retention Period: How long data should be kept
- Access Requirements: Who needs access and why
Quality Assurance
Regular Reviews
- Quarterly Reviews: Check if classifications still align with business processes
- Change Management: Update classifications when processes change
- Audit Preparation: Ensure documentation supports compliance audits
- User Feedback: Gather feedback from users about classification accuracy
Validation Checks
- Completeness: Ensure all personal data elements are classified
- Consistency: Check that similar data is classified similarly
- Hierarchy Logic: Verify logical parent-child relationships
- Permission Alignment: Ensure classifications match security permissions
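The completeness, consistency, and hierarchy checks above can be run mechanically over an export of the register. The following is an added example, not code from the product: the export shape, the column names, and the level 3 used for data elements are assumptions, and the consistency check compares the TYPE part of DEPT-TYPE category codes for fields that share a caption.

```python
from collections import defaultdict

# Constructed sample rows (entry no., type, level, parent entry no., description,
# data category), shaped like an assumed export of the GDPR Register.
ROWS = [
    (1, "Department", 1, None, "Sales Department", ""),
    (2, "Functional Area", 2, 1, "Customer Management", ""),
    (3, "Data element", 3, 2, 'Customer."Phone No."', "CUS-CONTACT"),
    (4, "Department", 1, None, "HR Department", ""),
    (5, "Functional Area", 2, 3, "Employee Records", ""),         # parent is not a department
    (6, "Data element", 3, 5, 'Employee."Phone No."', "EMP-ID"),  # TYPE part differs from row 3
    (7, "Data element", 3, 99, "Vendor.Name", ""),                # orphan, no category
]
FIELDS = ("entry_no", "type", "level", "parent", "desc", "category")
REGISTER = [dict(zip(FIELDS, row)) for row in ROWS]


def validate(register):
    """Return (entry_no, check, message) findings for a list of register rows."""
    by_no = {r["entry_no"]: r for r in register}
    findings = []
    type_parts = defaultdict(set)  # field caption -> TYPE parts of DEPT-TYPE codes
    for r in register:
        parent = by_no.get(r["parent"])
        if r["type"] == "Department":
            if r["level"] != 1 or r["parent"] is not None:
                findings.append((r["entry_no"], "hierarchy", "department must be level 1, no parent"))
        elif r["type"] == "Functional Area":
            if r["level"] != 2 or parent is None or parent["type"] != "Department":
                findings.append((r["entry_no"], "hierarchy", "functional area must be level 2 under a department"))
        else:  # data element
            if parent is None:
                findings.append((r["entry_no"], "hierarchy", "parent entry not found"))
            if not r["category"]:
                findings.append((r["entry_no"], "completeness", "no data category assigned"))
            else:
                caption = r["desc"].split(".", 1)[-1].strip('"')
                type_parts[caption].add(r["category"].split("-", 1)[-1])
    for caption, parts in sorted(type_parts.items()):
        if len(parts) > 1:  # same field caption, different TYPE part
            findings.append((None, "consistency", f"{caption}: {sorted(parts)}"))
    return findings


if __name__ == "__main__":
    for finding in validate(REGISTER):
        print(finding)
```

Permission Alignment is not covered here because it depends on the permission sets in the environment, which a register export does not contain.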
Advanced Classification
Cross-Department Data
For data used by multiple departments:
- Identify Primary Owner: Determine which department is primarily responsible
- Document Shared Usage: Note which other departments access the data
- Consider Data Categories: Use categories to reflect shared usage patterns
Dynamic Classification
For organizations with frequently changing structures:
- Template Approach: Create template structures that can be replicated
- Automated Updates: Use BC modifications to trigger classification reviews
- Version Control: Maintain history of classification changes
Integration Considerations
When integrating with other systems:
- Data Flow Mapping: Understand how data flows between systems
- Classification Consistency: Ensure consistent classification across systems
- External Requirements: Consider external legal and regulatory requirements
Troubleshooting Classification
Common Issues
Elements Not Visible
- Cause: Insufficient permissions or initialization not run
- Solution: Check user permissions and run initialization
Hierarchy Not Displaying Correctly
- Cause: Incorrect parent-child relationships or level assignments
- Solution: Review and correct Level and Parent Entry No. fields
Cannot Move Elements
- Cause: Missing modify permissions or locked records
- Solution: Verify permissions and ensure no other users are editing
Next Steps
After completing data classification:
- Data Cleaning Process: Learn how to clean classified data
- Session Management: Understand cleaning session workflow
- API Overview: Explore integration possibilities