The General Data Protection Regulation (GDPR) came into force in May 2018, and it has had a huge influence across businesses in almost every industry. The regulation was brought in by the EU to provide businesses with clarity surrounding data protection, and to provide individuals with greater control over their data.
What this means for businesses in practice is that changes were necessary in the way that they store documents and other data that contains personal information. It is essential that your business is compliant with the GDPR, as failing to do so can lead to you being fined very heavily.
To help you avoid this situation, we take a look at exactly how the GDPR has changed document storage, and what you need to do to remain compliant.
It’s about the individual
Clearly, the major and most significant change that the GDPR is looking to instigate is to put the rights to personal data and private information back in the hands of the individual, and away from businesses.
If a company handles, stores, and processes the kinds of personal data that make it possible to identify someone, that person is given far more rights over that data than they had before. The kind of data involved includes everything from banking details to their IP address.
One major change is that an individual now has the right to know which parts of their data are being stored, processed, and used – alongside how that data is being used. You may remember the flood of annoying (and possibly even illegal) emails in your inbox from companies wanting to update their policies and ensure that they still had the right to use your data.
However, individuals are granted a number of other rights beyond just knowledge of their data.
For example, if you know that a company is currently using your data, you can request that the data be modified or deleted at any time, and the company must respond and take action to process your request.
“You can also ask for your data not to be used in a certain way – for example, to allow you to stop receiving marketing emails from an organization. Companies, therefore, need to have the capability within their system to make modifications and changes to data, as well as deleting it permanently, if requested. Companies that do not have the ability to do this are technically in breach of the GDPR.” Images-On-Line.
How this affects businesses
The changes brought in by the GDPR have meant that many businesses have had to make significant changes to how they operate and the systems that they use on a day-to-day basis. A key example of this is that, as individuals now have the right to ask which of their details a company has stored, it is essential that a business has a system in place that allows this sort of information to be recalled very quickly. Under the GDPR, businesses are required to be able to delete or modify this data without ‘undue delay’.
It should also be pointed out that these regulations mean that you need to have a much closer understanding of the data that is owned by your business but is actually held by a different business. For example, you may have a software provider or a cloud server that is managed by another business.
If your business suffers a data breach, then you need to have the capability to report the breach within 72 hours to anyone who has been affected.
Managing physical documents
It is a mistake to think about the impact of the GDPR only in terms of the digital data that you store. While there has been an emphasis on data stored in computer systems, the regulations do cover all forms of data including physical documentation. If your business still holds a large number of paper copies of documents, then you need to think very carefully about your responsibilities.
Many businesses now actually prefer the simplicity of an entirely digital system to avoid having to deal with this issue. As it is now possible to have your physical documents professionally scanned by a specialist firm, either at your premises or in a secure facility, the whole process can be simple and effective.
About the author: Mike James is an experienced business writer specializing in HR, tech, and cybersecurity. On the latter, he has contributed to many of the leading publications both online and in print – such as StaySafeOnline, GlobalSign, Tech London and more.