To remain GDPR compliant, you will have to understand and classify the personal data you hold and process, as well as ensure you maintain its availability, integrity and confidentiality. You will also have to ensure you have everything in place to comply with the regulations. Compliance and following best practice is vital to minimise risks such as the potentially large fines, as well as damage to reputation.
Your organisation can hold a large amount of personal data. Under GDPR it includes any and all information or data that identifies a natural person (i.e. the data subject) such as an individual’s genetic data; biometric data; location data; and online identifiers.
An managed document management system such as eView will help you comply with GDPR
Capture, manage, process, store and also retrieve you and your customers’ information and data.
1. Personal data
eView allows organisations to enforce the security and governance required to protect customer information. It helps companies to categorise and manage personally identifiable information (PII) according to GDPR requirements.
2. The movement and sharing of data
Understanding and controlling (including preventing where necessary) the movement of data is vital. Once a file or object is labelled as containing PII, the eView can automatically initiate other actions to ensure proper treatment and handling of information according to the new regulation.
3. Assigning processing conditions and consents
eView can track changes to PII files and objects, and provide an audit trail to show who changed what, and when.
4. Applying sophisticated security and protection
eView will provide the security to prevent unauthorised users from sharing or printing files containing sensitive PII information. Redaction functionality can also be used where PII information is required to be masked.
5. Applying retention policies and disposal processes
The system will allow you to enforce custom rules and retention schedules as dictated by legislation ensuring PII data isn’t kept longer than necessary.
6. Handling subject access requests
Applying access control and permission management will ensure only authorised users can access PII.
7. Responding to requests to have inaccuracies corrected or to have information erased
eView has powerful search facilities to assist with document retrieval and disposal should there be a requirement to amend or dispose of PII information upon request.
8. Enabling “Data Protection by Design” in business processes
eView will provide an audit trail and version control to track access to the system and its files, ensuring compliance, and avoiding data breaches.