How best to handle documents in light of GDPR
To remain competitive and GDPR compliant in this digital age, every business must not only observe what others are doing but also take action. A key part of this is to embrace digital technology when handling our customers’ personal documentation.
Technology will play a key role
Even prior to GDPR, we have watched and relied on pioneering firms to find new ways to embrace the tools of digital transformation and document storage through the cloud, mobile, big data or collaboration. These firms embrace innovative technologies, such as the Internet of Things, virtual reality, automation and blockchain.
Big data technologies can help organisations to hone their operations and their services to customers. But of course, data storage and analysis are also necessary.
Avoid human error
Many high-profile data incidents can be attributed to human behaviour. We hear many stories of files inadvertently left on public transport or the careless disposal of documents leading to serious data breaches.
Keeping information safe and secure is paramount in the digital age, particularly as the penalties for failure can be severe.
The focus on digital transformation helps highlight how the role of technology in modern business has changed. Technology is no longer just a service function within the organisation. Rather, it has now become the underlying element of business success in both security and advancement.
While GDPR compliance and the surfeit of technology can create opportunities for organisations, it also presents several challenges. As organisations use an increasingly broad range of systems and services, this inevitably leads to the need to collect and store huge amounts of information.
Who needs to take action?
Business leaders must remember that GDPR legislation goes far beyond the pre-internet era laws it replaces.
The regulation covers all owners and processors of personal data. In particular, but not exclusively, this will affect businesses that:
- Collect contact details, advertise or have a CRM system
- Use cloud services, exchange personal data with your supply chain, or purchase marketing lists
- Has a website serves cookies
- Provide multiple services based on one tick-box
Achieving a balance between online and offline documentation
There could be a tendency to believe that the shift to digital means the focus of GDPR is biased towards online information.
However, just as individuals have a right to be forgotten online, they also have a right to be forgotten offline. This includes not only all paper-based records but also consists of any personal or sensitive information that may be printed in the future.
While making amends to databases is a fairly straightforward procedure, organisations will find it extremely difficult to locate, edit and secure paper-based records. And every time a document is copied, scanned, printed or emailed on a digital multifunction device (MFD), personal or confidential information can be inadvertently exposed or maliciously compromised.
Paper output is particularly challenging to track and control and is often not a consideration when drawing security plans up. IT leaders, therefore, need to ensure an adequate balance between the secure maintenance and management of online and offline information.
Scanning hard copy documents
Just as digital transformation has created the foundation for an upsurge in data use, so it also provides one solution to effective document storage; using document specialists to automate and secure paper-heavy processes.
The more onerous provisions of GDPR, including the right to be forgotten and the right of erasure will mean organisations will have to be able to track down an individual’s personal data. This may have thousands of duplicates across a large organisation. In some cases, this will be both online and offline.
Therefore, although a potentially lengthy process to start, in the long term, it makes sense to prioritise the scanning and secure storage of paper-based records. However, organisations will need to ensure their printing, scanning and copying is GDPR-compliant.
Advanced technologies limit access to the right people
While best practice policies can help, advanced technologies – such as encryption, tracking, leak detection, automatic redaction and breach-alerts – can ensure the right people access sensitive records at the right time.
As a matter of urgency, your organisation must understand the paper records it holds. This urgency is acuter when placed in the context of research by analyst Quocirca, which suggests 63% of firms have experienced one or more print-related data breaches. Overall, 72% indicated it is a significant concern, with the professional services reporting the highest level of concern (88%) compared to the industrial sector (53%).
Invest in a Managed Print Service (MPS)
For many businesses, print security assessments are perhaps an ‘optional extra’ to traditional document assessments. However, there are benefits to incorporating MPS as a standard practice with metrics in place to ensure their effectiveness.
Although such assessments can be time-consuming, depending on the complexity of the infrastructure, it’s likely to be a good investment of time and money as it will identify gaps in security before they become an issue.
Automation will help keep your business GDPR compliant
The impact of digital transformation and GDPR combined could, in some cases, present a considerable hurdle for organisations that hold and process data. But this burden doesn’t have to be an insurmountable challenge. In fact, in many cases, the reverse should be true. It’s an opportunity to tighten up and get a grip on document management, both online and offline. The necessary changes can create smarter and more productive ways of working. They can promote confidence in the information collected. They can also build a robust platform for more effective and compliant working practices.
Automation can potentially help a business deal with documents more effectively. It can assist with auditing and track information use, information retrieval improvements and possibly even boost productivity.
It could, therefore, help ease the burden on managers, while effectively managing paper records.
By using automation to help your business remain GDPR compliant, you can help your organisation digitise its document storage processes; become more efficient, and save money.
Contact us for more information on document management.