GDPR is the European Union General Data Protection Regulation. The GDPR will apply to any entity offering goods or services (regardless of payment being taken) and any entity monitoring the behaviours of citizens residing within the EU. Companies are now directly responsible for data protection compliance wherever they are based (and not just their EU-based offices) as long as they are processing EU citizens’ personal data..
The regulation become law on 25th May 2018. It replaces all data protection legislation in EU member states including the UK’s Data Protection Act 1998.
Non-compliance of the regulations can entail a fine of up to €20 million or up to 4% of turnover.
This news item is not intended as a guide to GDPR but to show how some of its main requirements can be achieved using File Stream Document Management.
A Data Protection Officer is recommended for many larger enterprises especially in the Public Sector. The Data Protection Officer has the overall authority to set up and manage the GDPR
File Stream – The Data Protection Officer will be the controller , or one of the controllers of the File Stream Document Management system. The Data Protection Officer will therefore be able to decide on privacy settings, retention times and all aspects of personal information held by the organisation. The one act of installing File Stream resolves nearly all the requirements of the GDPR.
Controllers establish the data policy and Processors carry the policy out.
File Stream – Controllers can have all or some administrator rights in setting up File Stream. The Processors can also be given varying degrees of permissions as to what documents they have access to and what functions they can perform on those documents.
File Stream – Enables comprehensive retention policies to be set for all documents with destruction dates and automatic notifications of when they are to be destroyed
Data breaches must be reported within 72 hours to the DPA (Data Protection Authority)
File Stream – Can help trace the source of a data breach by looking at the document audit trail and revision history to see who accessed the document and what they did with it.
The necessary transfer of data from one source to another.
File Stream – Documents can be made available for export in a variety of ways:
Data Protection must be “Designed In” and a PIA (Privacy Impact Assessment) made. Privacy against unlawful access is especially important for Payroll and Customer information.
File Stream – Has inbuilt Data Protection:
Records must be kept when personal data is processed. Also, staff training levels and accreditation levels can be monitored.
File Stream – Information such as date entered / date modified / operator / document history / email properties are automatically kept. File Stream is regularly used as a solution for keeping all staff detail including accreditation status. An in built diary can be used to notify managers when staff accreditations need renewing.
Records need to be kept with consent for data held especially employee data.
File Stream – As these consents are generated (email / fax / Office doc / scanned paperwork, etc), they can be stored securely and easily in File Stream.
Need more information? Speak to one of our experts.