What is GDPR?
Those of you who have been living on a distant planet may not have heard of the General Data Protection Regulation (GDPR). Everyone else has been bombarded with emails pointing out the potentially dire consequences and eye-watering sanctions. Although this is an EU regulation, it will still apply when the UK leaves the EU. Therefore, it is important to ensure you understand your responsibilities and have a systematic way of dealing with the regulation that will stand up to audit if required.
Why is it important to you?
While GDPR is not a retrospective law, it does apply to ALL information you hold, not just that collected after May 25th 2018. You will start to receive requests for the information you hold on individuals and for people to be forgotten. You will need to deal with these, and to have confidence that the information is correct and complete. Use the AI features in M-Files to prompt you for documents that appear to contain personally identifiable information.
How can I deal with GDPR?
Well, a manual approach backed up by some spreadsheets is not going to cut it, especially as so much data is in electronic form. The first thing is to be able to identify all the data you hold on individuals, and in the process, you should rationalise where and how you hold information. Expunging all out-of-date and unnecessary material is also going to help significantly.
It all boils down to data governance. Those who have a well-defined strategy for data governance and follow best practices will have little extra work to ensure GDPR compliance. Those who do not are probably well short of compliance and should carry out an urgent risk assessment.
Can you answer these questions?
- Do you know where all personal information is held?
- Do you know the reason for holding personal information?
- Are the records current and necessary?
- Do you have consent to share information?
- If you were to be audited, could you demonstrate compliance with the regulation?
- What measures do you have in place to prevent and report data breaches?
It is not rocket science, but there is a duty of care which has not been formalised in such a way until now.
What do I do now?
Implementing a decent document and content management system should help to improve your data governance and allow you to manage the information and processes to help you stay in line with GDPR. You may already have something suitable, but if not, then certainly consider M-Files, as it can help with this and many other business activities quickly and effectively.
M-Files GDPR Solution Template
If you know you need to have something in place as a matter of urgency but don’t have the resources or expertise to implement a solution yourself, then look at the M-Files GDPR Solution Template.
This is a pre-built repository with all the elements demanded by GDPR and workflows to manage the various processes, with guidance notes supplied by IT Governance to support the whole installation. It comprises many man-years of compliance managers’ expertise and is tightly aligned with the regulation, yet has ultimate flexibility to be configured to the needs of your industry.