Time is marching on until General Data Protection Regulation (GDPR) comes into force on 25th May 2018.
In the run-up to GDPR, you will have to understand and classify the personal data you hold and process, as well as ensure you maintain its availability, integrity and confidentiality. You will also ensure you have everything in place to comply with the regulations. Compliance and following best practice is vital to minimise risks such as the potentially large fines, as well as damage to reputation.
Your organisation can hold a large amount of personal data. Under GDPR it includes any and all information or data that identifies a natural person (i.e. the data subject) such as an individual’s genetic data; biometric data; location data; and online identifiers.
An Enterprise Content Management solution such as Laserfiche will help you comply with GDPR
Capture, manage, process, store and also retrieve you and your customers’ information and data.
1. Personal data
Enterprise Content Management (ECM) allows organisations to enforce the security and governance required to protect customer information. Laserfiche helps companies to categorise and manage personally identifiable information (PII) according to GDPR requirements.
2. The movement and sharing of data
Understanding and controlling (including preventing where necessary) the movement of data is vital. Once a file or object is labelled as containing PII, the ECM system can automatically initiate other actions to ensure proper treatment and handling of information according to the new regulation.
3. Assigning processing conditions and consents
ECM can track changes to PII files and objects, and provide an audit trail to show who changed what, and when.
4. Applying sophisticated security and protection
ECM will provide the security to prevent unauthorised users from sharing or printing files containing sensitive PII information. Redaction functionality can also be used where PII information is required to be masked.
5. Applying retention policies and disposal processes
The system will allow you to enforce custom rules and retention schedules as dictated by legislation ensuring PII data isn’t kept longer than necessary.
6. Handling subject access requests
Applying access control and permission management to your ECM will ensure only authorised users can access PII.
7. Responding to requests to have inaccuracies corrected or to have information erased
ECM has powerful search facilities to assist with document retrieval and disposal should there be a requirement to amend or dispose of PII information upon request.
8. Enabling “Data Protection by Design” in business processes
ECM will provide an audit trail and version control to track access to the system and its files, ensuring compliance, and avoiding data breaches.
So, if you feel your organisation will benefit from Enterprise Content Management systems, get in touch today.