What is GDPR?
GDPR is the General Data Protection Regulation, a regulation that requires businesses to protect the personal data and privacy of EU citizens for transactions that occurs within EU member states and non-compliance could costs companies dearly. It standardises data protection laws across all 28 EU countries and imposes strict new rules on controlling and processing identifiable information (PII), it also extends the protection of personal data and data protection rights by giving control back to EU residents.
Who does GDPR apply to?
The GDPR applies to ‘controllers’ and ‘processors. The definitions are broadly the same as under the DPA (Data Protection Act) – the controller says how and why personal data is processed and the processor acts on the controller’s behalf. If you are a processor, the GDPR places specific legal obligations on you; for example, you are required to maintain records of personal data and processing activities. You will have significantly more legal liability if you are responsible for a breach. However, if you are a controller, you are not relieved of your obligations where a processor is involved, the GDPR places further obligations on you to ensure your contracts with processors comply with GDPR. The GDPR applies to processes carried out by organisations operating within the EU. It also applies to organisations outside the EU that offer foods or services to individuals in the EU.
What information does GDPR apply to?
Personal data:
The GDPR’s definition is more detailed than the DPA and makes it clear that information such as an online identifier (e.g. an IP address) can be personal data. A wide range of personal identifiers to constitute personal data, reflecting changes in technology and the way organisations collect information about people
Basic identity information such as name, email address and ID numbers
Web data such as locations, IP address, cookie data and RFID tags
Photo
Location data
Profiling and analytics data
Sensitive personal data:
GDPR refers to sensitive personal data as ‘special categories of personal data’ these categories are broadly the same as those in the DPA, but there are some minor changes. For example, the special categories specifically include genetic data, and biometric data where processed to uniquely identify an individual
Health and genetic data
Trade union membership
Biometric data (facial recognition, fingerprint)
Racial or ethnic data
Religion
Political opinions
Sexual orientation
FileDirector:
FileDirector brings the future of company management and data distribution into today’s world. This electronic Content Management solution shortens the time required to organise and handle documents within an enterprise, enormously. This noticeably more productive and more efficient way of working reduces costs significantly.
Scan & Upload - Capturing information is a very quick process using FileDirector. Scanning was never easier, using pre-definable scan profiles. FileDirector records electronic documents as flexibly and quickly as paper documents. The format and source are not an issue and thanks to the included integration with Microsoft Office, you and your staff can archive documents, tables and emails with a simple mouse-click.
Sort & Index - Indexing and sorting documents is handled manually or via OCR (Optical Character Recognition) zones in the document, via full text or barcodes. Index data can be imported via ODBC from other databases or files or transferred automatically when importing or recording.
Search & Retrieve - FileDirector leaves you free to decide how to conduct your keyword search. You can use the defined index fields to search for information you need, either within an entire filing cabinet or within a given document type. You can also use full text search to locate the documents you need via their content.
Thanks to its extensive range of functions, FileDirector meets all your document management requirements – today and tomorrow. Ease of use, scalability and a wealth of expandable components make FileDirector the perfect partner for businesses of all sizes.
The benefits of an intelligent document management system are self-evident, for instance, of the improved efficiency: documents are located, stored and distributed more quickly. What’s more, staff do not waste time or money on duplicating or distributing documents. Digitising avoids all these unnecessary steps and gives your staff more time to concentrate on the essentials. On top of this, document storage costs are reduced because a considerably smaller storage area is required.
Return on Investment:
In todays fast changing and complex business environment paperwork can restrict your ability to operate efficiently. Needless filing and searching costs business’ valuable time and money. FileDirector means documents are stored, distributed and located faster. FileDirector removes the burden of paperwork and frees staff to focus on essential work.
A further reason for investing in a FileDirector document management system is compliance with statutory requirements, since we help your organisation to minimise the financial or legal risks which can be caused by lost, damaged or improperly used information.
With the increase of paper in our day to day working lives and the mounting constraints and costs of storage space, many businesses choose to pay for offsite storage. Costs upwards of tens of thousands of pounds per year for this kind of inflexible, poorly secure storage solution are not uncommon. FileDirector will take away the burden of spiralling storage costs and in some cases create a return on investment (ROI) in less than a year.
How FileDirector helps comply with GDPR:
Using a document management system (DMS) can help with GDPR compliance. A document management system stores, manages and tracks electronic documents and electronic images of paper-based information captured through the use of a document scanner (our sister company Scanner Superstore sells scanners such as Canon and Fujitsu, click here to view the range of scanners we offer). A DMS ultimately controls and organises documents throughout an organisation. One of our most popular document management systems is FileDirector. FileDirector is the future for the administration, and distribution of information, because it decreases considerably the time taken to manage and access all of the information within an organisation, allowing you to become more efficient and productive, whilst reducing costs. Security in any document management solution is vital, therefore FileDirector lets you have complete control over document access, activity auditing, revision control, retention control, and automatic storage of documents and emails.
When it comes to fulfilling a subject access request under GDPR FileDirector has a built-in web interface which allows documents to be shared securely through an online portal. This can be placed on a company website and access the required documents would be a case of sharing a one-time use login with the person making the request and uploading their documents for them to access. When fulfilling a subject access request under GDPR the documents could be sent by post and email however this is less secure, more costly and is not a good long-term solution for sharing thousands of documents.
The right of access – under the GDPR, individuals will have the right to obtain access to their personal data, so that they are aware of and can verify the lawfulness of the processing. The information provided to the individual making the request must be done using ‘reasonable means’ and within one month of request. Compliance without the use of appropriate technology, such as a document management system may prove difficult. By using a DMS such as FileDirector, information stored together in one setting is accessed quickly and easily and can efficiently be sent t the individual requesting ‘the right of Access’ within the set timescale. All user actions within FileDirector have audit trails, recycle bins and can be included in system-wide searches and documents cannot be accidentally deleted; providing confidence that all the right data is located and can easily be passed on. At the point of scanning, key index fields can be collected from a document, information such as order numbers and dates as well as personal information such as D.O.B, names and addresses can all be indexed to allow easy but secure access to customer documents. FileDirector makes this easy by allowing hundreds of documents to be complied through simple use of index fields which can then be sent to the person making the request.
Privacy by design – privacy by design is an approach that promotes privacy and data protection. Data controllers must put technical organisational measures such as pseudonymisation (the separation of data from direct identifiers so that linkage to an identity is not possible without additional information that is held separately) in place – to minimise personal data processing. Using FileDirector can help ensure everyone is working in the same manner and to the same procedures and can also show strong compliance by evidencing all communications and involvement with a client as well as controlling who has access to what data e.g. clear audit trails. Strict privacy controls govern who has access to what data, with configurable permissions to control what data users can access and what they can do with it. Should the regulator require evidence, A DMS can easily aid with this; showing that steps have been taken to ensure compliance. FileDirector allows you to assign individual users or departments into groups giving them permissions to view or edit certain documents.
Breach notification standards – The GDPR will introduce a duty on all organisations to report certain types of data breaches to the relevant supervisory authority, and in some cases to the individuals affects within 72 hours of becoming aware of the breach. In the unlikely event any breach of data should occur, this can be identified and reported immediately using a DMS such as FileDirector; something that is nearly impossible to do when dealing with paper documentation in various locations. FileDirector, can help streamline investigations with its revision and access control features allowing you to monitor who has accessed documents and what changes have been made. With GDPR also stressing privacy, a document management system can ensure data is not accessed mistakenly and is stored in a secure manner, where the loss, damage and even theft that paperwork could be subjected to is eliminated.
Please contact us or call us on 01785 785 650 to get more information or a quote on FileDirector.