The EU General Data Protection Regulation (GDPR) becomes effective in May 2018. The requirements have to be met by all companies that process personal data. That applies to (almost) every company. Any violation from May on might result in significant fines.
Are you affected by the new GDPR? What kind of data are they referring to?
According to the regulation:
“The GDPR not only applies to organisations located within the EU but it will also apply to organisations located outside of the EU if they offer goods or services to, or monitor the behaviour of, EU data subjects. It applies to all companies processing and holding the personal data of data subjects residing in the European Union, regardless of the company’s location.”
“Any information related to a natural person or ‘Data Subject’, that can be used to directly or indirectly identify the person. It can be anything from a name, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer IP address.”
Bottom-line: any financial process that includes personal data is impacted by GDPR.
Documents involved in financial processes like: Sales Orders, Invoices, Purchase Orders, Delivery Notes, Price Quotations, Contracts, etc. will play a special role in the new regulation.
In order to fulfill the requirements of the GDPR, an Enterprise Content Management (ECM) system is absolutely essential, as it generally allows the creation, management, and safe archiving of all documents relevant in the context of data protection.
As part of our portfolio, we provide Legal Archiving and Content Management solutions. The system will apply the new regulation conveniently by providing the following advantages:
- Documentation Obligation
The GDPR requires an extensive and transparent documentation of all processes connected with personalized data. This demands the use of a specialized information management. This system has to be the center of all activities. Aspects like “limited access rights via a restrictive rights concept“, “absolute transparency for document related processes“ and the “adequate blocking or deleting of personalized information” are covered by Windream and directly linked with the requirements of the EU GDPR. - Overview of Processes
The EU GDPR requires an extensive overview and description of all processes that refer to personalized data. For that purpose, managing process descriptions and indexing based on precisely defined data categories, become essential features in you ECM system. If existing documents have to be changed, these adjustments should be traced back via a complete document history. Windream is able to deliver complete proof of changes or extensions at any desired time practically “at the touch of a button”. - Declarations of consent
According to the GDPR, the processing of personalized data can also be authorized via the declaration of consent of the respective person. The GDPR requires that the consent of the affected person needs to be explicitly proven by the responsible party. Windream supports the user in managing the “gathered” declarations of consent, for example with a systematic storage in a register of persons or with an electronic file within the ECM system. - Deletion requests
In general, affected persons have the right to demand that their personalized data be deleted according to article 17 of the EU GDPR, if one of the reasons mentioned in the article applies. Generally, deletion of data from Windream is easy to achieve and can also be automated. Apart from withdrawing all rights, which prevents the data from being viewed, a deletion is also possible using other technical ways, for example via adding document properties that will transfer the documents to a protected area and initiate a deletion afterwards via an automated concept based on the document life cycle.
Let us offer you advantages in the concepts of rights, access and protection, via document history, versioning function, and indexing for quick retrieval of information, up to the life cycle settings for automated or manual data deletion.
Get ready for the new regulations. Manage your documentation in a GDPR compliant way.