GDPR is the European Union's General Data Protection Regulation.
Here is our summary:
- Individuals will be given more control over how their data is used
- Data must be portable between service providers
- Policies must be more transparent and easy to understand
- Privacy and security need to be introduced to workflows
- Much bigger fines
This is great news for consumers, but it presents a complex challenge for businesses.
Challenges and Penalties
You are probably familiar with the 'cookie law' which focuses on website opt-ins. GDPR, however, goes much further.
For instance, users will be able to demand the full deletion of all their details, as well as ask for their data in a portable format that can be transferred between data processing entities.
Penalties for not complying with the new regulation are huge. Non-compliance can trigger a fine of up to 20 million euros or 4% of total revenue, whichever is the greater. Note that the measure is revenue, not profit, which could be particularly painful for smaller businesses. Can your company really afford to take a 4% hit on revenues?
When must businesses act and how?
The law will come into force across Europe in May 2018 and applies to businesses of all sizes. While that is still a considerable distance away, the complexities surrounding GDPR should be heeded with care.
According to Computer Weekly, 44% of IT professionals are unaware of the incoming rules. And a separate piece of research by Dell suggests 97% of all businesses don't have a plan in place to deal with GDPR.
To help companies ensure their paper records comply, here are some areas to consider:
1. Can you locate all the information you need?
Before you can de-personalise or delete information you need to be able to find it. The reforms will enforce the consumer's 'right to be forgotten' in European law and businesses will need to respond to requests to delete personal information. Unfortunately, while it may be easy to remove digital data from a record or database, hard copies are far more difficult to locate, monitor and dispose of.
2. How many copies of your documents exist?
Be aware that paper often leads a double or triple life. Clearly defined processes for managing information from creation to secure destruction may not be enough on their own. Paper can slip through the cracks of the strictest information classification and storage policies, simply by being copied or printed and left lying around, carelessly disposed of, or even removed from a secure building.
3. How do you guarantee privacy of the documents?
The GDPR aims to ensure privacy during information production, management and disposal. For paper this will all be about information handling processes. Organisations should make it difficult, if not impossible, for unauthorised people to access or make copies of documents that carry personal information.
There is an easier option.
Digitising your paper files and managing them with a document management system will give you complete control over your documents and keep them secure.
Please speak to Ava today on 03332 413 055 to arrange a free consultation or email us