Contact us

Leave us a message

our experts

GDPR: how EDM and ECM contribute to your compliance

Implemented on 25 May 2018, the GDPR, a general regulation on data protection, applies to all organisations that collect, process and store personal data relating to residents of the European Union, in order to strengthen the rights of individuals. But do not panic, your EDM has already planned everything (or almost), and can even help you optimise the lifecycle management of this data.

The General Data Protection Regulation, or GDPR, is based on a simple principle: to strengthen the rights of individuals to their personal data that is collected and manipulated by organisations. In doing this, It imposes on them some complementary obligations. If they are not respected, the sanctions can be significant: administrative fines of up to 20 million euros or 4% of the global annual turnover are foreseen, to which can be added damages for detriment incurred. The respect of these obligations, meanwhile, can induce constraints that are at the same time technical, organizational and professional…

But it is also an opportunity to transform the approach to the management of the data life cycle, so why not use this opportunity to stand out from competition. What’s better than the EDM (electronic document management), and more generally the ECM (including the functions of acquisition of information and incoming documents and management of business processes) to assist you in this process?


Compliance with the GDPR

Being and remaining in compliance with the GDPR can be a difficult task, whether for the small organisations that rarely have the technical and human resources to map all the data handled in their IT systems, or for multinationals that manage ever-increasing volumes of data in an ever-changing IT architecture, or for medium-sized structures. All of them are confronted with the management of exponentially growing volumes of information, often scattered but useful for many IT components in their day-to-day activities. Such a mapping allows not only to categorise the data (banking, health, biometric, social security number …), to identify the purpose for which it is collected, the personnel (internal or external) who treat it, as well as its flows and possible transfer. Also there is certain data that, according to the new European regulation, must be quickly accessible so that each individual can have it rectified, removed (right to forget) or have it transferred (right to portability).

What are the contributions of EDM and ECM solutions in this new regulatory context?


EDM will consolidate documentary information into a single repository

One of the recommendations for a successful GDPR compliance is to create a single platform for gathering all the data. This platform guarantees a 360 ° vision and a mastery of data flows.

EDM solutions make it possible to consolidate documentary information into a single, secure repository in which users instantly access information that is continuously up to date. But then how to handle data relating to individuals? How to allow for the right to forgetting data? How to make sure that personal data are no longer accessible at the request of the owner?

All this work, which the GDPR imposes, is already integrated into the software of EDM.
Functions, generally available by simple parameterisation, make it possible to take mass processing on the stored data (update, anonymisation, export, deletion …).

In addition, EDM makes it possible to manage the information lifecycle. For example, it is possible to configure the solutions to allow the manipulation of the essential personal data, temporarily, for processing purposes (workflow, case management …) and, once the processing is completed, to purge the personal information that is no longer useful to keep.

What the GDPR, the EDM, and more generally the ECM solutions, already propose …