GDPR Compliance- What Does Your Future Look Like?
A future look as to how one organization transformed their information governance strategy while preparing for GDPR compliance - and in the process reduced business costs, achieved better efficiency and gained greater control of their information.
Written by Leo Gaciu
Close your eyes and step into the future. It is August 2018, and your company is leading by example in implementing best practices for GDPR compliance. Your customers and suppliers feel confident about how your organization is managing their business data and personal information in compliance with the new GDPR regulations. The business decisions you made last year - including changes in processes, technology and user behavior- improved overall efficiency and control, reduced costs and accelerated revenue.
Stakeholders from various departments - including legal, IT, HR and Line of Business Managers - were involved during the past year in reviewing how personal identifiable information (PII) was managed across the organization. You researched GDPR guidelines and industry best practices from organizations like AIIM. The tipping point was that your assessment uncovered a large amount of unstructured information in email, shared drives, SharePoint, legacy apps, legacy ECM and filing cabinets that could potentially place your organization at risk with GDPR.
The review of your internal process and underlying technology revealed gaps in the following areas:
- Managing unstructured content;
- Implementing a consistent metadata policy;
- Training users and enforcing consistent user behavior in proper data management;
- Consistently requiring and registering consent for use of personal data for well-defined purposes.
Your commitment to change how you manage PII and to mitigate company exposure led you to implement a new secure and metadata driven information governance system. With SEAL, your new enterprise information governance system, you are able to ingest and migrate the content together with the associated metadata from any source, classify and enrich, protect and preserve, share and control company-wide your most precious asset: information.
The key to success was the ability to leverage metadata and bring structure to otherwise unstructured content like email and electronic documents within your existing line of business systems. This way you achieved a unified view of user and application generated content, gaining unlimited possibilities to view and securely share information even outside your company walls for enhanced compliance without losing for even a second your control over the information governance.
Enforcing access control policies, managing user groups and setting retention or digital shredding schedules can now be done with a few clicks directly by business users - without the need of IT involvement - while ensuring auditability throughout the entire process. You found this to be the smartest way to meet GDPR requirements. All emails or documents with personal information will be tagged, and the system will use this metadata to secure the content. It´s privacy by default: this makes it easier to ensure timely and efficient response to any Data Subject Access Request - gaining more time to address queries and bringing peace of mind for your business.
Here is how this looks for some of your departments:
Marketing and Sales: Your marketing, sales, and data management teams completed a thorough clean-up of all contact information (prospects, customers), correspondence, and supporting documentation. They sent a communication to all valid contacts in their database with information as to how their data would be managed in compliance with GDPR for client communication and asked them to re-approve future use of their customer information with an "opt-in" for contacts which had not done so already. Sales teams are fully trained in best practices for working with sales data and documents, and they now create, update and manage all presentations, client documents and contracts with personal information directly in your CRM system.
HR: You worked closely with your HR department to identify personal information in several IT systems, but also in lots of filing cabinets. Old irrelevant paper and electronic documents and data was securely destroyed to meet the GDPR requirements for storage limitation. You then implemented SEAL archive to manage personal information in email and documents, and connected this to your HR system to get a unified view of all information you have about staff. You then implemented new predefined consent-based rules for managing personal data - not only for your employees but also for potential candidates who applied but were not hired and for contractors and temporary workers. Your HR team also helped you roll out a series of training and education sessions for your employees. Although it was challenging to retrain users, you and your line of business colleagues are now realising the benefits of changing old, entrenched habits which in the "former world" led to issues such as document version control, document retention issues and employee data handling.
Purchasing: You updated your supplier contracts to ensure suppliers categorized as data controllers or data processers met your data policy standards. You leveraged your information governance platform to manage all contracts and supporting documentation.
Congratulations. You have become a leader within your industry in how you manage personal information - with compliant data privacy policies, a consistent metadata policy, scalable, secure technology and a corporate culture centered on best data management practices.
Is your company ready for GDPR or are you still on the journey to review processes, technology and user behavior? Contact us to learn more about how Star Storage's 16 years of Information Governance expertise can help you along the way.
For more information about SEAL, please visit www.seal-online.com. SEAL is a unified enterprise archiving platform that stores unstructured content and related metadata in a single, consolidated repository. SEAL enables you to protect, reuse and securely share your electronic records, while maintaining compliance, reducing company exposure and mitigating risks.
Would you like to know more?