Document Management

GDPR forces organisations to know all the data they hold on individuals, to have consent or a valid business reason to hold that data, to never hold it longer than necessary, and to complete any SAR requests within a month.

Our data management systems are effective ways of viewing your data once digitalised.

eView

Restore’s eView platform is our cloud-based, cost-effective electronic data management system, with full audit, tracking and reporting functions.

DocuWare

DocuWare stores all your documents, regardless of their source or format, in a secure and organised manner, across a central document pool. One search quickly locates related documents right from your desktop. Authorised customers and partners can use the internet to view the documents they need.

GDPR Checklist

GDPR Main principles

Lawfulness, fairness & transparency

What does it mean in practice?

  • You can only collect personal data for a valid reason under GDPR (known as a "lawful basis")
  • Individuals must know that you are collecting their personal data, what you are collecting, why you are doing it and who has access to it
  • You must not process the data in a way that is unduly detrimental, unexpected or misleading to the individuals concerned

How Restore support them - enabling compliance with minimum effort

  • Restore help organisations by auditing all data currently held, removing dark boxes of unknown content and allowing you to understand what you have, and where (i.e. hard copy, electronic file, email)
  • We then help by cataloguing and categorising the data, highlighting non-compliance or future risks

Purpose limitation

What does it mean in practice?

  • You must be clear about your purpose for collecting, keeping and storing the data from the start
  • You can only use the data for a new purpose if this is compatible with your original purpose, you obtain consent for the new purpose, or you have a clear basis in law
  • Your purposes must be documented and communicated to individuals

How Restore support them - enabling compliance with minimum effort

  • Keeping documents containing personal data digitally, in a purpose-built document management system with clear categories of document types assigned will allow you to better implement changes should you wish to amend the purpose(s) for which you process the personal data

Data minimisation

What does it mean in practice?

You must ensure the personal data you are processing is:

  • Adequate - sufficient to properly fulfil your stated purpose
  • Relevant - has a rational link to that purpose
  • Limited to what is necessary - you do not hold more than you need for that purpose

How Restore support them - enabling compliance with minimum effort

  • Digital files allow you to quickly, even automatically, delete what you no longer need

Accuracy

What does it mean in practice?

  • You should take all reasonable steps to ensure the personal data you hold is not incorrect or misleading as to any matter of fact
  • You may need to keep the personal data updated, although this will depend on what you are using it for
  • If you discover that personal data is incorrect or misleading, you must take reasonable steps to correct or erase it as soon as possible
  • You must carefully consider any challenges to the accuracy of personal data

How Restore support them - enabling compliance with minimum effort

  • Digitalising all data allows you to have data in one place. Putting it in viewing software like eView ties data together, allowing you to update easily, so information is always accurate
  • Indexing, metadata and robotic processing can ensure data that sits in more than one system can be updated across the board simply

Storage limitation

What does it mean in practice?

  • You must not keep personal data for longer than you need it
  • You need to think about - and be able to justify - how long you keep personal data. This will depend on your purposes for holding the data
  • You need a policy setting standard retention periods wherever possible, to comply with documentation requirements
  • You should also periodically review the data you hold, and erase or anonymise it when you no longer need it
  • You must carefully consider any challenges to your retention of data. Individuals have a right to erasure if you no longer need the data
  • You can keep personal data for longer if you are only keeping it for public interest archiving, scientific or historical research, or statistical purposes

How Restore support them - enabling compliance with minimum effort

  • Digital files facilitate the automation of retention policy application, especially when different documents in the same record have different retention periods, as is often the case in HR for example
  • Rules can be set up that can move data (whole files or specific info) into recycle bins automatically

Integrity & confidentiality

What does it mean in practice?

  • You must ensure that you have appropriate security measures in place to protect the personal data you hold
  • This is the 'integrity and confidentiality' principle of the GDPR - also known as the security principle

How Restore support them - enabling compliance with minimum effort

  • Specific ownership and reader permissions can be created to ensure confidentiality, while permitting access to those who need just some of the documents in a file but don't have clearance to see the whole file
  • Digital files also permit better controls and can eliminate duplicates, printing and sharing of personal data, or at the very least provide an audit trail of all activity

Accountability

What does it mean in practice?

  • The accountability principle requires you to take responsibility for what you do with personal data and how you comply with the other principles
  • You must have appropriate measures and records in place to be able to demonstrate your compliance

How Restore support them - enabling compliance with minimum effort

  • A document management system with version control and audit trail will facilitate control and evidencing of compliance by providing a central repository of documents, setting up alerts for review, providing approval and review workflows and, most important of all, enabling reporting to demonstrate GDPR compliance activity should you need to
  • Data Protection Impact Assessments (DPIAs) can be turned into electronic forms and digital workflows so you can monitor progress in real time and keep track of all DPIA related activity, with a full audit trail

Individual rights

What does it mean in practice?

  • Individuals have the right to access their personal data
  • This is commonly referred to as subject access
  • Individuals can make a subject access request verbally or in writing
  • You have one month to respond to a request
  • You cannot charge a fee to deal with a request in most circumstances

How Restore support them - enabling compliance with minimum effort

  • SAR requests can be completed at the click of a button, and the whole process digitised to ensure a full audit trail, management intelligence and easy real-time monitoring of progress against the deadline

The benefits of digitalising your data

  • Audit Trail
  • Save Money
  • Security & Audit Trail
  • Share Intelligence

Case Studies

Restore Digital Enfield Council Case Study

Blogs you might be interested in reading

Key Benefits of a Digital Mailroom for any Organisation

Paper still plays an important role in most, if not all, businesses. Find out how our mailrooms help ensure they are not cumbersome in a digital world.

The new era of digitisation in banking?

Why investment into back-office digitalisation is important in an agile banking world, leading the way in the call for modernisation and long-term cost savings

How eView helps you to comply to GDPR

To remain GDPR compliant, you will have to understand and classify the personal data you hold and process, as well as ensure you maintain its availability, integrity and confidentiality.