Owen Balloch, Marketing Manager, Kodak Alaris Information Management, explores how partners can guide their customers through the maze of new data regulations, by providing solutions to digitise hard copy documents, enabling businesses to locate and retrieve personal information quickly
The General Data Protection Regulation (GDPR), set to come into force in May this year, will force organisations to re-think how they keep, secure and process customers’ data.
The new regulation is designed to hand power back to the owner of the data. For example, any citizen or organisation wishing to be deleted from a database has the right for every record relating to them to be removed without trace, for example, where the data subject withdraws consent or where there is no compelling reason for the continued processing of that data. The onus is on the database owner to ensure they have kept track of these interactions and can readily comply with such a demand.
Are your customers GDPR-ready?
GDPR provides the channel with an opportunity to have a different conversation with customers about the business benefits of digitisation – as a reliance on manual, paper-based processes to store, manage and distribute information is not only a barrier to successful digital transformation, but may also be a more labour-intensive process following implementation of GDPR.
Organisations already face huge challenges meeting regulatory requirements for securing data. It is ubiquitous, embedded in countless repositories and enters organisations in multiple formats including email, email attachments, voice, image and video files.
With paper, it’s almost impossible to know which documents contain personal data, such as the data subject’s name, age, address, date of birth, passport number or credit/debit card details; what personal data is currently stored; where documents containing personal data are located; and more importantly, ensuring the organisation can delete that information, when required. The same applies to other data, including images and digital documents.
Under GDPR, in addition to the high standards for obtaining a data subjects’ consent and rights for data subjects to restrict a company’s processing of their data amongst other things, an organisation must have the ability to fnd out all references to an individual across all their systems, for example to enable the data subject to ‘access’ the data you hold about them, request the rectification of data held by you as well as to delete all references to them upon request.
To do this data controllers must be able to locate the information in a timely manner – which can be difficult when paper files and documents are dispersed throughout the organisation, in filing cabinets and storerooms, often across multiple ﬂoors, offices or sites.
A significant portion of business workﬂows are still paper-based and the pressing requirement to conform to various different legislative requirements across all sectors is one of the key drivers for digital transformation.
Today’s complex data environment requires an integrated approach to information management. Successful digital transformation begins with information capture and an information capture ecosystem comprising scanners, software, services and partners, designed to remove complexity, plays an integral part in enabling organisations to address regulatory compliance requirements.
With GDPR, organisations will need to know which documents contain personal data, what personal data is currently stored, why the personal data is stored and what consents are in place for processing of such data, where those documents are located and that they can delete that personal data if requested.
Once documents are scanned, the existence of data subjects’ personal information needs to be identified across and within all digital records, so that organisations can take the first step towards understanding what they need to do to ensure that they are GDPR compliant.
The same applies to document images such as TIFFs, JPEGs and non-searchable PDFs, as well as digital documents including Word, Excel, searchable PDFs, etc. that might also contain personal data.
Customers will need help corralling the mountain of data dispersed throughout their organisation into one central source, enabling them to identify and retrieve personal data they may hold on data subjects.
Alaris scanners and software solutions make it easy to seamlessly digitise legacy fles as well as capture new information as it enters an organisation.
The ability to find, classify and monitor personal data is critical to GDPR management, software providers, one of which is Folding Space, offer an automated, easy to use, software programme, GDPR Discovery, which can assist organisations in avoiding the heavy fines and reputational risk associated with non-compliance.