Our recent blogs have focussed on the impact of GDPR around print devices and physical copies of documents, but in many respects that all relies on a degree of user management and human intervention – therefore common sense. There is another aspect of data management that needs consideration when taking GDPR regulations into consideration and that is the actual storage of soft copy documents, in safe and secure environments with appropriate management processes and controls around them.
Unless you are already using a dedicated document management system, it may be that certain files you hold or the way you store them leaves you vulnerable to breaches of GDPR regulations. To clarify this, when we speak about document management systems we mean software packages and systems that are designed specifically to store, index, monitor and manage electronic files – spreadsheets, PDF’s, office files etc.
For those using File Explorer or similar native built in/free to use filing cabinet systems, these do not, in our book, qualify as true document management solutions.
So how can soft copy files leave you vulnerable?
Probably the most obvious example is your data protection policy and any supporting documents that are created to govern your compliance with GDPR regulations. Documents that have a lifetime. These are not one-off documents that, once created, disappear into the abys. They should be agile refence manuals for day to day activity. In this respect they need regular review to ensure that working practices or the regulations themselves have not changed, exposing vulnerabilities. So a true document management system can use workflow to monitor the age of documents and prompt controllers to review them when required or if necessary, delete out of date documents which pose a risk to data protection.
For those purchasing or using data, which always carries a timed licence, for marketing purposes date sensitive management is incredibly important. How many companies reading this know they have a licence but cannot be sure when it expires and whether the data they use for marketing purposes is still valid? Document management systems can manage this for you.
Utilising workflow, user permissions and document control indexes true document management systems/software can be a vital tool in helping you achieve GDPR compliance, removing the reliance on significant manual intervention.
As we work with more and more companies to develop their GDPR policies and practices, it is clear just how deep the regulations go. So introduction of systems and processes that are fully integrated to your other software applications and hardware/devices will help minimise risk and ensure compliance.