GDPR and the ECM platform
It is now just over 3 years since compliance with the principles of GDPR became law in the UK (25 May 2018). Although the UK has since exited the EU, and the legislation was essentially ‘versioned’ as UK GDPR, those same key principles still apply.
At the beginning of 2021, a DLA Piper research article put the total figure for GDPR-related fines at EUR272.5 million (about USD332.4 million / GBP245.3 million) and showed that an average of 331 GDPR breach notifications were submitted per day – an increase of 19% on the previous year.
So where does your ECM (Enterprise Content Management) platform fit into compliance with GDPR? Well, that very much depends on what data content your company stores, what your employees access that data for and where your data is accessed from. Ask yourself these questions:
- What documents does your business process and store – do they include personal information?
- Can you locate all the documents you have stored?
- How long does it take to locate the documents you have stored?
- Are all of your documents stored in one location / platform?
- Are you sure you have all the documents?
- Are you aware of the number of copies that exist for each document?
- Do you have sufficient controls in place to prevent access to any document you control (digital or physical)?
Know WHERE your information is stored – by using an ECM platform as the hub for your company’s documentation / information storage, you can confidently attest to not only knowing where the documents are but also that they can be retrieved quickly and that those retrieved are the ‘complete’ record set.
Apply ACCESS CONTROLS to your stored information – most ECM platforms use a role-based security principle that allows granular controls over access to information within the system. Global policies can also be applied to prevent the duplication (by printing / downloading) of any document, in addition to controlling whether it can be viewed.
Retention COMPLIANCE – your ECM platform can manage the lifecycle of information stored within it automatically (based on a document type configuration for example) or allow efficient manual governance for a records manager either as part of a routine audit or an individual request under GDPR rights.
Audit and ACCOUNTABILITY – know who, when and (potentially) how data stored by your company was accessed and what other actions were taken on those records – view / print / edit / delete, etc.
These are a small snapshot of the ways that a well implemented ECM platform can help your business comply with the seven key principles of UK GDPR, focussed around responsible handling of sensitive data:
- Lawfulness, fairness and transparency
- Purpose limitation
- Data minimisation
- Storage limitation
- Integrity and confidentiality (security)
As always, PacSol can help review and revise any aspect of your existing ECM platform to satisfy any specific requirements. Please just reach out to our support team directly.
Toby Gilbertson, Customer Services Manager. June 2021.