The General Data Protection Regulation (GDPR) will force organisations to rethink how they store, secure and process customers' data. The new regulation is designed to hand power back to the owner of the data. For example, any citizen or organisation wishing to be deleted from a database has the right for every record relating to them to be removed without trace. The onus is on the database owner to ensure they have kept track of these interactions and can readily comply with such a demand.

GDPR provides EU citizens with control over their personal data through a set of 'data subject' rights. This includes the right to access readily-available information in plain language about how personal data is used, access personal data and have incorrect information deleted or corrected.

In addition individuals have the 'right to be forgotten', which means that organisations must ensure that personal data is permanently erased. Under the GDPR, citizens can also restrict or object to processing of personal data for specific uses, such as marketing or profiling, and receive a copy of all personal data that is held.

Organisations already face huge challenges meeting regulatory requirements for securing data such as emails, PDFs and other business files and documents. Under the GDPR, businesses must have the ability to find out all references to an individual across all their systems and be able to delete all of these upon request.

As such, a reliance on manual, paper-based processes to store, manage and distribute information could have a negative impact on compliance with the new GDPR. With paper, it's almost impossible to know which documents contain Personal Identifiable Information (PID), what personal data is currently stored or where documents containing PID are located.

In addition, companies are under time constraints; if a consumer does request access to their data, they have a month to complete the request and disclose the information. This makes the ability to locate the information in a timely manner a pressing requirement - one that can be extremely difficult when paper files and documents are not stored in a single repository but likely spread throughout the organisation, in filing cabinets and storerooms both on- and off-site.

CAPTURE AT THE EDGE
Centralising paper-based and soft copy documents into one digital data source will make it much quicker to locate and access the data.

According to IDC organisations are seeing improved regulatory compliance since deploying technology related to digitising, automating and optimising document workflows. In its white paper 'Information Capture: Cornerstone of Digital Transformation' the analyst reported that 55 per cent of respondents to a recently conducted study said they had improved their record in meeting regulatory guidelines and seen a reduction of risk for non-compliance, while 48 per cent reported better compliance with mandated security and privacy regulations within their industry.

With GDPR, there is no magic bullet to compliance. The scale and complexity of the various forms of data within organisations today needs an integrated approach to help them capture, process and understand what information they hold.

Successful digital transformation begins with information capture and an information capture ecosystem comprising scanners, software, services and partners, and designed to remove complexity, plays a part in enabling organisations to address regulatory compliance requirements and avoid the heavy fines and reputational risk associated with non-compliance.

Alaris scanners, proprietary and third-party software solutions and services are designed to work together, helping businesses manage their compliance obligations.

GDPR DISCOVERY
Alaris scanners and bundled software solutions make it easy to seamlessly digitise legacy files as well as capture new information as it enters an organisation. However, the ability to find, classify and monitor all paper containing personal data is critical to GDPR management. Software providers Folding Space offer an automated, easy to use software programme, GDPR Discovery, which can assist organisations in avoiding the heavy fines and reputational risk associated with non-compliance. Preparation is key to GDPR compliance, and the months leading up to its implementation will be crucial for any business. It is a perfect opportunity for organisations to check procedures for handling data: how you would react if someone asks to have their personal data deleted, for example? Would your systems help you to locate and delete the data?

Many businesses will still be unclear as to what steps they can take to prepare, with some worried that GDPR will make their jobs more difficult. It is vital that organisations consult with their IT solution provider amongst others, as to the possible ways to prepare for GDPR. There are many steps - such as the capture and processing of existing data that has been discussed here - that they can initiate now to get the process underway.
More info: www.kodakalaris.com/en-gb/b2b