Are you ready for the new General Data Protection Regulations (GDPR)? Approved and adopted by the EU parliament, enforcement of the new GDPR is now less than a year away! Read on to see how you can get ready for GDPR.
What is GDPR?
The new GDPR has been designed to provide individuals with greater control over their personal data, establishing one single set of data protection rules across Europe. The aim of the GDPR is to protect all EU citizens from privacy and data breaches and applies to all companies processing and holding data of subjects residing in the European Union, regardless of the company’s location.
The GDPR has defined Personal data as any information relating to an identified or identifiable natural person and includes online identifiers such as IP addresses and cookies. Also included is indirect information such as physical, physiological, genetic, mental, economic, cultural or social identities that can be traced back to a specific individual.
The new regulations have been introduced following years of debate within the European Parliament and were ratified by the European Union back in April 2016. Companies and organisations were given a two–year period to become compliant with the new GDPR. Deadline for compliance is 25th May 2018.
What does this mean for my Business?
The new GDPR has introduced a number of key changes that business will need to comply with. These include:
- Strengthened conditions for consent – consent must be clear and distinguishable from other matters and provided in an intelligible and easily accessible form, using clear and plain language. Consent must be as easy to withdraw as it is to give
- Breach notification will become mandatory – organisations must notify regulators of any breaches of data that is likely to “result in a risk for the rights and freedoms of individuals” within 72 hours of first having become aware of the breach
- Expanded rights of data subjects – data subjects will have the right to obtain confirmation as to whether or not personal data concerning them is being processed, where and for what purpose. Personal data must also be provided free of charge, in electronic format when requested
- The right to be forgotten – data subjects will have the right to request for their personal data to be erased, further dissemination of their data to be ceased and third–party processing of data to be halted
- Data portability – data subjects have the right to receive the personal data concerning them and transmit that data to another data controller
- Privacy by design – data protection will be required to be designed into a system from the onset. Data must only be held and processed for the completion of necessary duties and access should be limited strictly to those who need to act out the processing
The consequences for companies and organisations failing to implement the new regulations has been significantly strengthened from the previous laws. Penalties for violations related to GDPR can be levied up to €20 million or 4% of global turnover, whichever is highest.
How can I get my organisation ready for GDPR?
The penalties for not complying with GDPR are severe and many organisations will now be considering ways to ensure they maintain compliance with the new laws. To get started, it is important that any organisation reviews their existing processes to determine if they are valid under the GDPR. From here, a record of any processes your organisation undertake needs to be maintained whilst product development processes should also be adapted to assess any impact on privacy that may arise for a customer or user.
It is also essential that all companies seeking to comply with GDPR review and update their security procedures. The new GDPR has increased security obligations for organisations, making the maintenance of robust security measures and essential activity.
How DocuWare can ensure you will be GDPR ready!
DocuWare is the leading integrated document management system, used in over 70 countries worldwide. As a complete end–to–end solution, DocuWare handles all the processes associated with a document management system including, capturing and organising documents, providing access and transparency, streamlining collaboration on shared documents and creating a consistent document management infrastructure.
DocuWare can help your organisation be GDPR ready thanks to some of its key features, including:
- Robust Data Security – access to sensitive information can be controlled at all times by limiting viewing rights only to approved individuals, helping to ensure security measures are enforced at all times
- Audit Trails – track the documents any user opens or edits, helping to maintain transparency and compliance with GDPR
- Automated Processes – retention processes can be automated to ensure that data is only held for the amount of time specified within the law
- Intelligent Indexing – documents can be indexed and stored automatically in a location and manner in compliance with GDPR
- Consistent Document Management Infrastructure – reduce errors and improve efficiency with a centralised documents depository that will help to streamline operations
Our Experience
With decades of experience in both Document Capture and Document Management Systems, Mallon Technology is in a unique position to ensure any organisation maintains a consistent and secure approach to the data it handles.
Our services help organisations across the public and private sectors, on a daily basis, to effectively manage and maintain their digital records. If you would like to learn more about how Mallon Technology and DocuWare can help ensure you are GDPR ready, talk to us today to arrange a personal demonstration.
