The General Data Protection Regulation, or GDPR, is based on a simple principle: strengthening the rights of individuals over their personal data that is collected and handled by organisations. In doing so, it imposes complementary obligations on those organisations. If these are not respected, the sanctions can be significant: administrative fines of up to 20 million euros or 4% of global annual turnover are foreseen, to which damages for harm suffered can be added. Meeting these obligations, meanwhile, can bring constraints that are at once technical, organisational and professional…
But it is also an opportunity to transform the approach to managing the data life cycle, so why not use this opportunity to stand out from the competition? What better than EDM (electronic document management), and more generally ECM (which adds the acquisition of information and incoming documents and the management of business processes), to assist you in this process?
Compliance with the GDPR
Being and remaining in compliance with the GDPR can be a difficult task, whether for small organisations that rarely have the technical and human resources to map all the data handled in their IT systems, for multinationals that manage ever-increasing volumes of data in an ever-changing IT architecture, or for medium-sized structures. All of them are confronted with exponentially growing volumes of information, often scattered but used by many IT components in their day-to-day activities. Such a mapping makes it possible to categorise the data (banking, health, biometric, social security number…), to identify the purpose for which it is collected and the personnel (internal or external) who process it, and to trace its flows and possible transfers. In addition, under the new European regulation, certain data must be quickly accessible so that each individual can have it rectified, removed (right to be forgotten) or transferred (right to portability).
What are the contributions of EDM and ECM solutions in this new regulatory context?
EDM will consolidate documentary information into a single repository
One of the recommendations for successful GDPR compliance is to create a single platform that gathers all the data. This platform guarantees a 360° view and control of data flows.
EDM solutions make it possible to consolidate documentary information into a single, secure repository in which users instantly access information that is continuously up to date. But then how should data relating to individuals be handled? How can the right to be forgotten be honoured? How can you make sure that personal data is no longer accessible once its owner has requested this?
All this work, which the GDPR imposes, is already integrated into EDM software.
Functions, generally available through simple configuration, make it possible to perform mass processing on the stored data (update, anonymisation, export, deletion…).
In addition, EDM makes it possible to manage the information lifecycle. For example, the solutions can be configured to allow essential personal data to be handled temporarily for processing purposes (workflow, case management…) and, once the processing is completed, to purge the personal information that is no longer useful to keep.
What the GDPR, the EDM, and more generally the ECM solutions, already propose …