Do you have data demons lurking in your business? The GDPR clock is ticking….
Halloween isn’t the only thing scary about October, it’s now only 7 months away from the implementation of the new GDPR regulations. The penalties for non compliant businesses and organisations regarding GDPR document management will also come into affect on this date.
These GDPR changes aren’t hocus pocus, it’s time to get your business GDPR ready and face your data demons. Failure to adhere to the regulations concerning data protection can cause companies the risk of paying hefty monetary penalties of up to 20 Million Euros, or 4% of the group’s worldwide turnover.
The regulations officially come into force on 25th May, 2018. Organisations should by now be preparing their GDPR plan to ensure compliance with the new data protection regulations.
The GDPR will have a major impact on how your company processes, manages and stores personal and sensitive data. This refers to any information that can be used to identify an individual, such as name, address, cultural and sexual orientation, similar to the current Data Protection Act (DPA).
However, the GDPR also includes data collected from today’s contemporary culture such as IP addresses and pseudonymised data (identities used with a unique number or username for social media platforms or chat sites).
For more details on what GDPR is and what it means for your business, read our previous blog.
The top end penalties would be given to companies who do not comply with the basic processing requirements, such as acquiring consent from individuals before sending marketing literature or making nuisance phone calls. Other regulations include the international transfer of personal data, a breach of an individual’s rights of data protection and failure to implement a subject access request of their own personal data.
Other misconducts that are less serious breaches will receive fines of up to 10 Million Euros or 2% of the company’s worldwide turnover.
4 key points to consider with your documents & Cleardata solutions
In order to comply with the new data protection rules, certain procedures and practises need to be put in place. Organisations need to demonstrate how they are complying with GDPR and what actions you are taking to ensure a data breach doesn’t occur.
Here are some practical processes for companies of any size to consider when placing their focus on GDPR and ensuring your organisation is complying with data protection regarding paperwork. A solution to each challenge is provided to ensure that it protects your customer’s data is also outlined.
1. Are you able to locate all of the required information?
Whether stored in filing cabinets or electronically, every individual has the right to be ‘forgotten’ or erased from your company’s CRM database and any other documentation regarding that subject. This means everything relating to that person needs to be securely deleted and destroyed.
If you are unable to locate the required information due to paper documents being filed incorrectly, if it’s been retrieved before and hasn’t been put back in the right place or if they’re located in a separate building, can cost companies time and money to search for them.
Solution: Secure Document Scanning
Cleardata boasts one of the largest scanning bureaus in the UK. With a fleet of 13 Kodak Alaris scanners, over 4 million images are effectively scanned every month. Once your important documents are scanned, they undergo a 200% quality checking service using two separate operatives to ensure the images are perfect. The scanned images are not copied to any of our databases but are uploaded to a USB or SFTP and sent directly to yourself. The original paper documents can then be securely archived or destroyed.
2. Are you able to keep your important records private?
Ensuring personal data is protected is a significant point regarding GDPR document management. Paper documents can easily be lost or mislaid, allowing confidential information to get into the wrong hands and causing a potential data breach.
Transporting personal information, paper based or electronic, should be seen as a possible threat to data security. With topical issues of confidential files getting left on a train and leaving paperwork in employee’s cars which have been stolen, you can never be too careful.
The ICO have recently fined a large council £60,000 over accidentally leaving delicate data about children in a filing cabinet that had been given to a second hand shop, and another organisation was fined £150,000 for mislaying video interviews of victims in the post.
Solution: Electronic Document Management (EDM)
Uploading your documents to Cleardata’s EDM system is an excellent way to digitally manage your company’s documents. It saves the need of printing copies, and potentially losing them, as you can view all files online quickly. It also keeps your confidential records private as only authorised users can log into the system, with controlled access for certain files, allowing only the required employee to view certain documents.
3. Are you able to correctly manage the appropriate retention periods?
Retention periods are put into place to safeguard important documents. Dependant on your industry, some information is not permitted to be destroyed for a certain period of time in case individuals need to access it in the future, such as legal documents. Additionally, other documents may be required to be destroyed after a date to ensure they can’t be accessed again, such as personal data.
If your business does not destroy documents after a customer has requested to do so, you will breach data protection and could be faced with a large penalty. Having multiple copies of data made and not destroying every copy due to not knowing what documents you have stored or retention periods aren’t accurately recorded, can waste a significant of company time and money.
Solution: Secure Archive Storage and Archive Management System
Not only does archiving increase office space within your organisation and saving employees manually search through a number of filing cabinets, but it also guarantees that your important records are secure 24/7. The company have a variety of security defences in place, from biometric entry systems to hydrosense water detection systems, ensuring the ultimate protection for your documents.
Cleardata also have their own Archive Management System which allows organisations to manage the complete lifecycle of their documents whilst they’re archived in Cleardata’s premises, from making file retrievals to requesting collections and storage supplies. The system also allows businesses to manage retention periods and can digitally send boxes to be securely destroyed, after it’s been approved.
4. Are you able to securely dispose of personal and confidential data?
When personal data is requested to be removed from the system or paper records need to destroyed, it’s important that they are done so effectively and securely. There’s no point setting up a fire pit to burn confidential records when pages can be blown away or not fully destroyed, leaving personal data exposed and receiving a substantial fine.
Solution: Secure Document Shredding
Cleardata is accredited to BS EN 15712 for the secure destruction of confidential information. Once records have been sent to the company to be destroyed, there will be no evidence of that data anywhere. After the files have been securely shredded your company will receive a certificate of destruction which you can keep for your records and show how you’re complying with disposing of personal data under the GDPR.
If you’d like further information on Cleardata’s GDPR document management or would like to speak to one of our GDPR Consultants please call the team on 0800 046 6081 today.