It’s six months since the General Data Protection Regulation (GDPR) came into effect, and it’s fair to say that it has been viewed as a headache for many organisations. This strict legislation brings greater accountability into how firms process, store and secure their data. The problem is that many hold their data in multiple locations and, worryingly, some don’t even know where or how all of their data is stored.
Complying with the GDPR, then, becomes extremely difficult. But the regulation isn’t going away – it’s a necessity that all businesses must adhere to. Moreover, the GDPR affects every department in the organisation that holds data from sales and marketing through to finance, HR, procurement and IT. Compliance can’t be left to the legal experts alone.
Achieving GDPR readiness requires everyone to reliably streamline all personal data held in various documents and emails held across disparate systems, network folders, and even those still in paper-based storage. This throws up the following questions:
- Can you instantly locate all the documents, emails and phone call recordings for a customer or an employee?
- Are they all stored in one location?
- Do you know how many copies of the data exists?
- What about paper records: how would you transmit those electronically, and within the required time-frame?
- Can document access be restricted to authorised employees to stop company documents get into the ‘wrong hands’ putting the company at risk of a security breach?
However, it’s not all gloom and doom. The GDPR also represents a major opportunity for organisations to transform their approach to privacy, harness the value of data, and ensure they are fit for the digital economy.
Deploying the right technology will go a long way to helping organisations and their staff manage personal data and comply with the GDPR.
One technology that can help is automation. These software ‘robots’ can automate the tasks involved in the manual implementation of compliance, which are often seen as repetitive, time-consuming and, quite frankly, boring. Data can be processed, stored and secured with automation tools much quicker than humans can – and without error. This in turn helps minimise the level of cyber risk and actually improves an organisation’s security.
An automated cloud-based document management system, for example, stores, manages and tracks electronic documents and electronic images of paper-based information, in one secure place. It also helps organisations meet GDPR compliance requirements by providing traceability on all documents. This can support them on a range of issues including:
- The right to be forgotten – locating and erasing all data on an individual is a time-consuming and difficult task, especially if it’s spread over many different sites and locations, duplicated or even lost. By automating the storage of files into one location, finding and erasing the relevant ones is a much simpler and efficient process.
- Consent – consent rights have been strengthened for individuals under the GDPR. Organisations must not only be able to prove they obtained permission to store and use data from an individual, but supply electronic copies of private records on-demand. Automation can make this task far less difficult.
- Privacy by design – the GDPR also talks about ‘privacy by design’, whereby data protection is hardwired into the processes and behaviours of the organisation. Automating key processes encourages everyone to work to the same procedures, and can also show strong compliance by evidencing all communications and involvement with a client, as well as controlling who has access to what data.
- The right to access – individuals have the right to access their personal data. The information provided to the individual must be done using ‘reasonable means’ and within one month of receipt. By automating information into one system, it can be easily accessed, and efficiently sent to the individual within the set timescale. All actions will also have audit trails and documents cannot be accidentally deleted, providing confidence that the right data can easily be passed on.
- The right to data portability – this allows individuals to move, copy or transfer personal data easily and securely from one IT environment to another. Fulfilling this request is made simple with automation. All the information can be easily located, retrieved and sent on within the set timescale in an approved format.
- Breach notification standards – the GDPR introduces a duty on all organisations to report certain types of data breach to the relevant authority, and in some cases to the individuals affected, within 72 hours of becoming aware of it. A breach can be identified and reported immediately using with automation, which is almost impossible to do when dealing with paper documentation in various locations.
Of course, automation will never take away an organisation’s compliance responsibilities, but it can certainly help make the journey to compliance less stressful. And it will only work if there is a willingness from the workforce to adopt it. Employees have to see the value in using automation to achieve compliance and not see it as a hindrance to their role.
So how can businesses ensure this happens? The simple answer is regular training and awareness. We often hear that end-users are the weakest link when it comes to data security and that businesses must provide staff training programs. These, we also know, must be relevant and frequent if employees are to really keep the GDPR in mind. But what organisations mustn’t fail to include is technical training support – that is to show staff what tools can aid GDPR compliance and how they can help them do their jobs better.
Automation can be a positive force for just about every business process in every industry in the world. Imagine the impact it would have if it enabled every organisation to put its data in order and comply with the GDPR. There would be far less headaches for sure.
The bottom line? Don’t ignore automation’s potential. It can transform your firm’s approach to privacy, harness the value of data, and ensure it is fit and secure for the digital era. The GDPR is already in effect, but it’s not too late to review your current technologies.
Dean McGlone is Sales Director at V1
Image Credit: Cordis Technology