I have some questions related to data security for HR data in AX 2012. I have a client with headquarters in a European country, but the group contains several companies in the USA and Asia. Their plan is to implement HR globally, which means that personal information about all employees will be in AX. They have one AX 2012 CU8 installation, and the database is located in a country within the EU.
My concern is about the different data security and data protection laws that we have to consider in this case. For example, data for the US employees will initially be fed into AX from another HR system in the US. This means, as I understand it (I might be wrong), that personal information for US citizens is sent outside the US, to a country in the European Union. We will use a strict security setup and XDS policies to control who can see personal information, but the global HR manager, for example, resides in the EU and she will have access to all information for all employees, including those in the US, China, etc.
My first question is – can the client run into legal problems with this setup?
My second question is – where can I find the information and resources needed to determine what (if any) measures we have to take in order to set the system up in a way that is compliant with all relevant laws? Are there any guidelines or general recommendations available somewhere?
I understand that legally the responsibility falls on the client, but they need guidance, and it is our responsibility as consultants to know on a general level what to recommend and what not to.
Thanks,
Anna