Is your business prepared for the GDPR Compliance Legislation being introduced in May 2018?

The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) provides a single legal framework that applies across all EU member states, replacing what is currently a patchwork of national data protection laws. It governs the collection, storage and use of personal data, and it affects every business that holds personal data about individuals in the EU, in any format.

How will it affect businesses?

We have found that many organisations are not aware of the risks involved in passing this data between internal employees and external clients. Essentially, every paper and digital document, including emails, which can identify an individual must now be tracked, retained, or deleted under a policy. This covers not only customers' data but things as simple as incoming CVs or visitors' books, as well as virtually every file in HR, security, finance and marketing.

Are you able to answer the following points?

What measures are currently in place for sending sensitive personal or financial data by email? How would your business prove it is compliant in that situation? Some of the key points about the GDPR, and how it might affect your company, are as follows:

  1. ANY data which could potentially identify an individual is covered. This includes a computer's IP address, which is often captured in the logs of corporate web pages!
  2. 'Innocent' examples include ANPR systems in car parks, visitors' books, security camera footage and credit card information.
  3. Beware of CVs, whether requested or not. These are included, as are any communications with the individual. Did you forward the CV to a department head for review? If so, you probably sent it by email, and now they hold a copy which must be tracked.
  4. Upon request, an organisation has one month (extendable in limited circumstances) to provide ALL such data to the requesting individual. The individual may ask for the data in paper or digital form, or both. Omission is not an excuse.

Consequences of inaction

Non-compliance may leave your business open to substantial fines under the GDPR. Article 83(5)(a) states that infringements of the basic principles for processing personal data, including the conditions for consent, are subject to the highest tier of administrative fines. This could mean a fine of up to €20 million, or 4% of your total worldwide annual turnover for the preceding financial year, whichever is higher* (*Source: Information Commissioner's Office, GDPR Guidance).

How can NSL help?

We have a range of software applications which deliver Records and Document Management. Without such software it is extremely difficult for any organisation to demonstrate compliance. Think of these new regulations as an extreme version of the Freedom of Information Act and the Data Protection Act combined, only much more serious and wide-ranging.

Four key issues our software technology solves in relation to the GDPR:

  1. Tools to ensure TOTAL control over every type of document, from email to paper files, and everything in between. Total control includes being able to find every document and to prove 'who saw what, when, and what did they do with it?'
  2. Tools to enforce Records Management: this is not just about controlling access to data, but about applying rules that automatically delete or archive data once its retention period has expired.
  3. Workflow software which, combined with the records management component, ensures that documents are only routed according to policy and that no stray copies exist.
  4. And finally, implementing a Records and Document Management System automates many business processes: for example, anyone in the organisation doing data entry may find their workload substantially reduced as the software captures and indexes documents automatically.