Records management and compliance are hot topics with the EU General Data Protection Regulation (GDPR) due to take effect in May 2018.
The GDPR directive poses a risk to businesses compared with previous versions as sanctions can be very high, up to four percent of a company’s worldwide turnover. However, GDPR also provides organisations with an opportunity to review their data and information processes so that they work more efficiently and effectively for the company, its staff and customers.
If you are uncertain where you are in terms of GDPR readiness, Document Logistix can help you with a preparedness audit.
The good news is that a retention policy that enables organisations to capture, manage and destroy electronic information automatically is relatively simple to achieve.
Is your retention policy GDPR-ready and enforceable?
Under GDPR organisations must track usage of records, files and documents. Tracking must include a documented understanding of why, where and how information is stored.
GDPR also begs the question: do you have an enforceable retention policy?
A retention policy sets the time that information, data and records must be managed and retained. It provides a framework for employees on how they should manage information - from creation to destruction – to comply with data management and GDPR regulations.
A retention policy includes both paper and digital formats, which adds an element of complexity if a paper version has been printed and tucked away in a drawer.
Approaches to retention policy enforcement: manual or automated?
When individuals are left to monitor and enforce a retention policy, it involves significant manual intervention, time, effort and cost.
Alternatively, organisations that ruthlessly delete files that have reached their end of life (EOL), without any forewarning for staff, could potentially lose important records.
Neither approach is satisfactory.
Integrated document and records management is safest for regulatory compliance
Given that corporate data includes everything from employee information, client records, business accounting details to supplier emails – practically any data that is used for or generated in a business operation - adopting integrated document and records management processes is essential.
Document Logistix can help you to ensure that retention policies are applied automatically to physical files, electronic documents and emails.
Our electronic document management system (EDMS) embeds good governance practices so that policies can be enforced in both controlled and uncontrolled environments, inside and outside the corporate firewall.
Automation of the EDMS process also reduces the costs of managing information and enforcing a retention policy.
Document Manager provides comprehensive on-premise, Cloud and SaaS options
Document Manager has been the trusted DM solution of small and large organisations for more than 20 years. We have an in-depth knowledge of many industry sectors, including law, manufacturing, logistics, professional services, finance and education.
Digitisation is a logical move for companies that want to reduce the complexity surrounding information management, as well as to comply with GDPR. Moving all or some of your documentation to the Cloud makes it far easier to collate and protect, and to achieve permissions-based records management that is simple to audit.
Retention management is a natural extension of our Document Manager system, so it is seamlessly integrated in your day-to-day, month-to-month and year-on-year business workflow.
Integrated document and records management and automation make GDPR compliance less burdensome and costly to the business, and reduces the risk of penalties.
Document Logistix experts are talking to companies every day about the EU General Data Protection Regulation. If you are not sure about GDPR implications for your organisation or would like to find out more about your options, please Get in touch.
GDPR. How document managment helps with GDPR compliance. Document Logistix
Will there be an ICO whistleblower? Who has rights to data deletion?