GDPR is the European Union General Data Protection Regulation. The GDPR will apply to any entity offering goods or services (regardless of payment being taken) and any entity monitoring the behaviours of citizens residing within the EU. Companies are now directly responsible for data protection compliance wherever they are based (and not just their EU-based offices) as long as they are processing EU citizens’ personal data..

The regulation is due to be implemented and become law on 25^th May 2018 and the regulation will replace all data protection legislation in EU member states including the UK’s Data Protection Act 1998.

Non-compliance of the regulations can entail a fine of up to €20 million or up to 4% of worldwide turnover.

This news item is not intended as a guide to GDPR but to show how some of its main requirements can be achieved using, Document Scanning and Document Management software.

Click here to read our Privacy Policy, Supplemental Terms, Terms of Service.

—————————————————————————————————–

Let Us Help, Speak To Us Now? Click Here

—————————————————————————————————–

Data Protection Officer

A Data Protection Officer is recommended for many larger enterprises especially in the Public Sector. The Data Protection Officer has the overall authority to set up and manage the GDPR.

 

With Virtual Cabinet or Volume – The Data Protection Officer will be the, or one of the, controllers of the Document Management system. The Data Protection Officer will therefore be able to decide on privacy settings, retention times and all aspects of personnel information held by the organisation. The one act of installing Virtual Cabinet or Volume resolves nearly all the requirements of the GDPR.

 

Controllers and Processors

Controllers establish the data policy and Processors carry the policy out.

With Virtual Cabinet or Volume – Controllers can have all or some of the administrator’s rights to the operation of  Virtual Cabinet or Volume and the Processors also can be given varying degrees of permissions as to what documents they have access to and what functions they can perform on those documents.

 

Document Retention and Right to Be Forgotten

• Personnel data held must be minimized
• Personnel data must be made available and shared with the minimum number of people
• Personnel data must remain in the system for the minimum time possible

Document Scanning – Scanning your paper files into logical fully indexed digital files provides the ability to quickly find and also backup a clients data. Previously unorganised paper documents become filed once scanned, meaning you can now confirm the documents you have accurately on an individual. Documents that were unknown or incomplete can now fall into a scan and supply all data procedure. Scanning an individuals documents allows all their data to be supplied or if requested, deleted completely.

Virtual Cabinet or Volume – Enables comprehensive retention policies to be set for all documents with destruction dates and automatic notifications of when they are to be destroyed

 

Data Breach

Data breaches must be reported within 72 hours to the DPA (Data Protection Authority).

Virtual Cabinet or Volume – Can help trace the source of a data breach by looking at the document history to see who has accessed the document and what process they performed on the document.

 

Data Portability

The necessary transfer of data from one source to another.

Virtual Cabinet or Volume – Documents can be made available for export in a variety of ways:

• Export documents to the desktop or any other location.
• Export documents and the index values as a csv file. These can then be entered into another chosen document management system.
• Searchable Export in Virtual Cabinet allows documents to be exported to media such a CD, memory stick or zip folder and password protected. Virtual Cabinet or Volume search and viewer functionality allows for documents to be viewed, even if the application to open the file does not exist.

 

Protection

Data Protection must be “Designed In” and a PIA (Privacy Impact Assessment) made. Privacy against unlawful access is especially important for Payroll and Customer information.

Virtual Cabinet or Volume – Has Data Protection designed in:

• All files are encrypted in Volume Remote.
• Passwords are required to enter the system.
• Only chosen users can access documents in particular data bases (Virtual Cabinet or Volume).
• A full RBAC (Role Base Access Control) system operates in all versions of Virtual Cabinet or Volume ensuring precise control of document access and product functionality.
• Documents can be redacted.
• The full history of a document is preserved if required.

 

Records of Processing

Records must be kept when personnel data is processed. Also, staff training levels and accreditation levels can be monitored.

Virtual Cabinet or Volume – Records such as Date entered / date modified / operator / document history / email properties act are automatically kept. Virtual Cabinet or Volume is regularly used as a solution for keeping all staff detail including accreditation status. Setup Outlook diary reminders to notify managers when staff accreditations need renewing.

 

Consent

Records need to be kept with consent for data held especially employee data.

Virtual Cabinet or Volume – As these consents are generated (email / facsimile / Office doc / scanned paperwork, etc), they can be stored securely and easily within Virtual Cabinet or Volume.