Managing the EU GDPR


In the age of digitalisation, data is the most important resource for companies. The more companies know about their equipment, customers and markets, the better they are able to align their business towards success. However, access to all this data also brings with it a great responsibility. Nowhere does this become clearer than in the context of the European General Data Protection Regulation (EU-GDPR), which came into force on the 25th of May 2018 and which continues to cause uncertainty in companies worldwide. Now the goal for companies should be to continue curating the wealth of data and information at their disposal while ensuring compliance with the strict new regulation to avoid the harsh penalties that come with it.

The challenges ahead

The idea behind the GDPR is to provide additional protection for the personal data of EU citizens. Every organisation that offers goods or services in the European Union and collects, processes and analyses personal data to do so is subject to the new regulation. These companies have to ensure that they maintain an overview of the collected data at all times and, upon request, they have to be able to provide detailed information about any set of data they collected – or delete that particular set of data if requested. In addition, they must also prevent unauthorised third parties from gaining access to the data – and they face heavy penalties upon failing to do so: companies that fail to comply with the GDPR can expect fees of at least EUR 10 million or two per cent of the company’s annual revenue for minor cases, or up to EUR 20 million or four per cent of the annual revenue for more severe cases.

Unstructured data equals risk

The critical issue for many companies will be the mass of unstructured information contained in physical and digital documents and pictures, scattered somewhere in structures that have grown over time and that nobody knows much about. According to a Gartner survey, over 80 per cent of all data in companies is unstructured, which constitutes a high compliance risk in the context of the GDPR because unstructured data also falls under the umbrella of the regulation. Consequently, regaining control over this unstructured data, identifying the corresponding documents, managing high-risk documents and aligning internal guidelines to the legal stipulations are the important steps to ensure that your company is able to comply with the GDPR and avoid heavy penalties.

Where to start

The first step for companies should be to take stock of the status quo. That starts with analysing how sensitive data and documents are currently identified and secured in their systems and databases. Additionally, the responsible decision-makers should find out to what degree their company is already fulfilling any legal requirements regarding transparency, and how security violations are identified and communicated by their company. They should also review the current training measures in this regard. Such an analysis of the status quo helps to identify where more work is still necessary. This overview then enables companies to determine and implement the necessary measures in order to become GDPR-compliant.

You’re only as good as your tools

To help them with these tasks, companies need the correct software solutions. There are different document management systems that are specifically designed to assist in fulfilling the requirements of the GDPR by helping decision-makers see the big picture again and implement transparency-focused security measures. As an example, Ephesoft Transact focuses on four essential aspects to help fulfil GDPR requirements: uncovering, managing, protecting and providing.

The software helps companies to identify documents which actually contain personal data, which is the first step towards data transparency. It can also be integrated seamlessly into the company’s business processes, which allows it to support the everyday management of both old and new content. An integrated security feature assists decision-makers in identifying and reacting to violations and gaps in security as soon as possible, allowing them to reliably fulfil their legal duty to report them. To ensure that all data is readily available at any time, the software also creates a private information catalogue as well as an inventory, so enquiries about stored data can be processed immediately and – if requested by the user – personal data can be deleted easily and verifiably. 

Thanks to a wide range of APIs, Ephesoft Transact can process data from many different sources, from e-mails to scanned documents and mobile data to faxes and already saved files. The input is first directed to the Ephesoft server; the server itself can be located on premise or in the cloud, and it doesn’t matter if the rest of the systems are Windows- or Linux-based. Afterwards, the input documents are analysed by the solution and the contained data is classified via Supervised Machine Learning. Unclear classifications are sent to a human user, who can help the system find the correct one. This means the solution learns through every single piece of input, allowing it to continuously develop. If the data needs to be processed further, it can then be exported into different formats, filing systems or databases such as SAP, XML or CSV.

Document management benefits everyone

In the context of the GDPR, smart software for document analysis is relevant for every company that conducts business in the European Union and collects, saves or processes personal data. Additionally, gaining actionable information from previously unstructured data is of interest to every organisation whose business processes require the processing of large volumes of data. Optimising your document management can lead to significant competitive advantages and positively impact your bottom line. Financial service providers, banks, insurers as well as accounting and controlling departments and the public sector can benefit the most, because of the high volume and degree of sensitivity of the information which they process. Meanwhile, SMEs, for which other document management solutions are often quite expensive, can use Ephesoft Transact to gain an affordable, subscription-based Capture-as-a-Service model, which enables them to fulfil the requirements of the GDPR.

Enno Lueckel, Vice President EMEA, Ephesoft