Does your organisation deal with the general public? Do you keep data about the people that you deal with in paper or digital format?
If the answer to these questions is yes, then it is likely that the GDPR could have a significant impact on the way that your organisation goes about its business.
First and foremost, the GDPR means that confidentiality and security of information will become paramount, if that isn’t the case already, and information in paper format will be treated in exactly the same way as digital information. Encrypting digital data will from now on be the standard way to operate, but securing information held on paper may be more problematic.
Data should only be kept for as long as it is needed.
The people that you deal with, whom the regulations call data subjects, will have a right under the new legislation to have access to information that is held about them, and if it is wrong in any way, they can have it corrected.
People will also have the right to be forgotten, and a right of “data portability”. In other words, they can take their information out of one system and transfer it to another, for their own benefit.
The regulations also say that people should be provided with the information in electronic format, within 4 weeks of a request being made, and by the way, the person requesting the information will not have to pay.
Organisations will also have to demonstrate that data is only kept for as long as it is needed. How long that is will depend on the organisation but it will have to be justified when systems are audited.
These new individual rights could add a substantial burden to any organisation that stores information about its clients, and if that information is paper based, the job could be a whole lot harder.
So, what is required to satisfy these parts of the new regulations? In simple terms it’s a secure, efficient system to handle requests from people about the information that is held about them.
The system should also be able to track and control requests from people to ensure that deadlines are met, with notifications and alerts about any underperforming areas so that they can be addressed in a timely manner.
Paper documents will need to be converted to digital, either at the time of the request or beforehand, to satisfy the requirement to provide the information electronically.
If you need help with making your document management systems GDPR compliant then please get in touch.
The full details of the GDPR are available on the ICO website: