ERP Software from Microsoft

As a Microsoft partner company, we must refer to Microsoft’s provisions in this regard. Microsoft ensures the use of the cloud while adhering to the high security and data protection standards in Germany. In this way, the Microsoft Cloud complies with national (e.g., C5 certification of the BSI catalog of requirements), European (e.g., GDPR), international, and industry-specific compliance standards, laws, and regulations governing cloud services regarding data security and privacy.

• For more information: Page on Microsoft Compliance

Since autumn 2019, Microsoft has also had German data centers, allowing you to store your data on “German soil.” You decide on the location of the data center.

According to Art. 24 GDPR, data is the property of the customer, and they are responsible. This means, in particular, that this person is responsible for safeguarding the rights of data subjects (Chapter 3 GDPR).

anaptis is the data processing company and therefore processes your data exclusively on instruction and for the purposes regulated within the framework of the data processing agreement. This means concretely that data will not be sold or passed on to third parties under any circumstances. An exception to this is a transfer to any subcontractors appointed, which is regulated within the framework of the data processing agreement with our customers.

In principle, anaptis fulfills all requirements of the EU General Data Protection Regulation and is compliant with data protection regulations according to the GDPR as an organization and within the framework of its products.

• For more information, see the blog article “Business Central in Deutschland: Rechtliche Vorgaben erfüllen” (German article)
• For more information, see the blog article “Cloud Computing: Die 7 größten Mythen rund um die Cloud” (German article)

Microsoft collects data on cyber attacks and uses it to continuously improve the cloud. To this end, Microsoft is part of the Digital Crimes Unit (DCU), where engineers and lawyers work directly with investigators from all over the world to track down large-scale cyber attacks and criminals. Over 600 million security risks are recorded, stored and analyzed here every day in order to increase logical security in the digital world. Information and insights are continuously gathered from different workloads, apps and platforms, combined and intelligently analyzed. This allows problems to be identified and rectified at an early stage before they affect the business activities of cloud users and also ensures the availability of apps and data at all times.

We also recommend the use of two-factor authentication, which is already established through the use of online banking solutions and uses another device (phone, smartphone, tablet, etc.) in addition to a password for security.

Microsoft stores all data redundantly across multiple systems and physically separate locations. This means that you do not have to create or manage data backups yourself. Irrespective of this, you can create a data backup from the system (here: Microsoft Dynamics 365 Business Central) at any time and save it locally.

Should the business relationship come to an end, authorized persons in your company can request the release of the data in a machine-readable format. The data will then be irretrievably deleted after the contractually defined period has expired.

Microsoft regularly has this competence confirmed by third parties – for example, current audit reports on ISO standards such as ISO 27001 are regularly published. In Germany in particular, the promise is regularly checked by German data trustees.