Is your organisation GDPR ready?
You have no doubt heard about the General Data Protection Regulation (GDPR) coming into force on the 25th of May 2018. Are your data management practices compliant with the latest regulations?
At Advanced, we have over 25 years of document management experience. This makes us excellently positioned to help ensure your internal Document & Records Management System offers robust data protection to satisfy GDPR regulations, and avoid GDPR penalties.
Contact us today to see how our document management systems can ensure your business maintains full GDPR compliance before May 2018.
Contact us for more information on our GDPR compliance services or to arrange a consultation.
What you need to know about GDPR
The most immediate consequences of the new GDPR regulations are that the document management systems for businesses, and especially HR, IT, and Finance departments, must have robust data protection mechanisms, as well as internal data monitoring and reporting systems.
The GDPR will affect organisations of any size, from UK-only SMEs to multi-national conglomerates. It doesn’t matter how big the business is: if data is held about EU citizens that can be used to identify individuals, then GDPR compliance must be assured. This also means that businesses operating outside of the EU that collect and hold data on EU citizens must follow the GDPR.
There is a vast variety of data types held in document and record management systems that can be used to identify an individual, and these must therefore be considered when ensuring GDPR compliance. What’s more, this variety is likely to grow as more data is gathered on the public. Examples include:
- IP addresses
- Home addresses
- First and last names
- Financial details
- CVs
- Emails
Any organisation that holds any of the above identifiable personal data (and the list is growing) is potentially liable for substantial fines if GDPR regulations are not carefully followed. As much as 4% of global revenues can be levied as fines if, in the event of a data protection breach, internal data protection, monitoring and reporting policies do not sufficiently follow GDPR legislation.
Other key GDPR issues
Time
After the GDPR is live, a data protection breach must be reported to the relevant authorities within 72 hours. Failing to do so can result in substantial fines. This could be difficult for many reasons; firstly, a business must have advanced data protection principles in place to even realise that a breach has occurred, especially as there are a variety of breach types.
Accountability and Governance
The legislation requires businesses that are a public authority (except for courts), that carry out large-scale tracking of individuals, or that process large amounts of data relating to criminal offences, to appoint a GDPR Data Protection Officer. Additionally, large companies will likely need to appoint a data protection officer to ensure that the internal data protection policy is sufficiently developed and maintained. There is no lower limit on size for appointment.
User consent, data availability and information requests
The GDPR makes it a requirement that businesses make available specific information about individuals to the individuals themselves. This could be an ex-employee changing their GDPR consent and making an information request that all information about them is deleted. Potentially, this could be a huge undertaking if the data is not properly catalogued and monitored, as there could be log-in data, financial data from payroll, emails, and address data that all need to be readily accessible and easily deleted.
Don’t leave it to chance – with our help you can rest assured that your Document & Records Management System will continue to serve your business, but now with an added layer of data protection and security through the GDPR compliance services that we offer.