What are you doing about GDPR?
Written in collaboration with AIIM Chief Evangelist John Mancini
May 2018 is just around the corner, and there is a mad scramble to figure out what to do about GDPR.
A new set of European rules and standards related to privacy and data protection (the General Data Protection Regulation, or GDPR) has set in motion a mad compliance scramble not for European companies, but for any company doing business in Europe or with European customers.
The regulation codifies many privacy rights and creates an explicit obligation to the controller as well as the processor to be able to demonstrate their compliance to the GDPR. The clock is ticking – the regulation goes into effect in May next year, and the potential penalties for non-compliance are significant (up to 4% of the total worldwide annual turnover).
So what does this mean?
Managing unstructured information and documents are key to GDPR compliance. According to the European Commission, “Personal data is any information relating to an individual, whether it relates to his or her private, professional or public life.” The Commission notes, “It can be anything from a name, a home address, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer’s IP address.”
A key element in GDPR is data security. A metadata driven system can easily enforce advanced security (dynamic security based on the value of the metadata) to protect the content based on what is it and not on where it is stored.
All Users, not just Compliance types
A comprehensive GDPR solution should address not only C-Level Compliance and Security Executives and Legal Directors, but every single line of business user working with Personally Identifiable Information (PII). Privacy Controls must be embedded in the architecture of IT systems, operations, and business processes without lessening functionality for the User.