GDPR: We are All Going to Be Fine(d)
A few months ago, AIIM's GDPR readiness research found that only 8% of respondents are fully prepared for the new regulations, but most organizations have a project in place to prepare for the May 2018 deadline. Many organizations are underestimating what GDPR compliance will mean to them. When AIIM last year asked their community if noncompliance despite good information governance practice causes significant issues, we found the following hardships as a result of noncompliance:
- 26% experienced internal audit issues;
- 24% have had FOIA (Freedom of Information Act) or personal data request issues;
- 21% noted data protection challenges;
- 20% reported litigation and discovery problems.
The first step to GDPR compliance is assessing what personal information you have today. This means not only data in archive or document management systems: it also includes emails that might be archived as PST files on employee laptops; electronic documents in shared drives and SharePoint that look like digital landfills; and paper stored in offices and filing cabinets or offsite with 3rd party providers. You can then start to design processes to meet the GDPR principles and to ensure compliance.
You don't need to start from scratch - you might be closer than you think to having the foundation to build a robust compliance strategy. One of the first considerations is to review the built-in capabilities of your information governance technology: this includes the systems which enable you to capture, manage, store and dispose of information. It will be a potential nightmare for organisations that don't have a consistent metadata policy or that have files, documents and information stored across multiple, legacy systems.
The key to success is setting up a metadata-driven, unified information governance platform which provides a "single point of truth" for PII (personally identifiable information). This will allow you to design metadata schemas to identify what data is relevant for specific purposes and will transform your unstructured information into usable, searchable content, ready for efficient e-discovery.
How can you ensure your systems are supporting your processes and policies?
- Create GDPR dashboards and reports: connecting data and content enables key stakeholders - such as legal & compliance, data protection officer and HR personnel - to receive a unified view of personal data under management. This enables department managers to make better decisions about the information they control and to effectively respond to data access and portability requests.
- Have a robust, enterprise-wide metadata strategy: Metadata is key! Use metadata to ensure privacy-by-design and by-default compliance. It should be automatic, with minimal (or no) user intervention. Make sure you have advanced OCR and full-text search capabilities: at the point of data onboarding and document digitisation; within your search templates and search functions; and in a form that enables data discovery across ALL platforms.
- Update your retention management policies: Keep data only as long as necessary and required by applying retention management for all documents. This also helps you save money: by limiting overall storage requirements and by storing documents in your archive platform rather than in your business systems, apps or intranet (SharePoint), you won't have to keep upgrading the storage for your ECM, ERP, CRM or other systems.
- Secure your data: use encryption in transit and at rest to ensure integrity and confidentiality. Have a rights-based policy which allows people who need to view or work with PII to access information and which prevents unauthorised access (on purpose or by mistake). This will limit the risk of data breaches.
- Make sure your systems reduce company exposure: use access control lists, permission management, and audit trails to ensure compliance.
For information about SEAL, please visit www.seal-online.com. SEAL is a unified enterprise archiving platform that stores unstructured content and related metadata in a single, consolidated repository. SEAL enables you to protect, reuse and securely share your electronic records, while maintaining compliance, reducing company exposure and mitigating risks.