The GDPR: the user at the heart of the concerns of the company!
September 2018 by GÜRAY TURAN, Regional Manager EMEA for OnBase, Hyland Software
The corporate media keep talking about the recently introduced General Data Protection Regulation (GDPR) in Europe. But is everyone prepared for it? For latecomers, here is a small survival guide to the GDPR jungle.
The first 3 steps towards the GDPR
1. Take inventory
Identify where personal data lives within your organization. What systems, roles and processes are involved? When and where is it collected, transferred, replicated or archived? To ensure compliance with the GDPR, you need to monitor and optimize your information processes to reduce the risk of exposure and improve governance at each stage of the information life cycle.
Be aware that the personal data that your organization collects and manages can go through your company’s firewall and land in the hands of third parties, such as cloud-based partners or software providers. Make sure you understand their compliance practices and make sure they are appropriate.
2. Define rules
Employees play a vital role in ensuring compliance. Even the best controlled systems and processes can be easily compromised by employees who do not know, or decide not to follow, compliance requirements. Defining a rule that reinforces compliance requirements and educating employees about this rule establishes a culture of compliance.
3. Let technology do most of the work
Information management technologies have long helped businesses meet compliance requirements. In fact, given the exponential growth of commercial data volume, it is almost impossible for a modern organization to manually manage compliance rules without the use of information management tools to track and automate key compliance tasks.
While there is no "magic app" that allows your business to meet the GDPR on its own, an enterprise information platform can help you ensure your processes and users are ready to strengthen compliance with the GDPR, rather than compromise it. Here are some critical technology components to consider:
– Automated document retention management to facilitate the proactive deletion of data when it reaches the predefined usage limit
– Multi-faceted security features to prevent unauthorized access to protected data and its replication
– Dynamic privacy features, such as automatic redaction and data masking, to enable employees and partners to access the information they need without accessing data they are not allowed to see
– Audit and reporting features to ensure that your organization can monitor the application of compliance rules and prove it
It is interesting to note that, currently, software products do not have any type of "GDPR compliant" or "GDPR certified" certification.
The effectiveness of any software solution to help your business achieve compliance will largely depend on its deployment and configuration, as well as the processes and rules within your organization.
For more information on current regulatory trends in terms of privacy and compliance, download the new e-book Security and Privacy - The GDPR is just the tip of the iceberg.