General Data Protection Regulation: impact and solutions
In light of impending changes to data protection law that will affect how all organisations manage the personal data of customers, the latest mstore user group discussions centred for a time on this fundamental issue.
Existing users of mstore, representing diverse organisations from financial institutions and engineering to retail and logistics, met at Oulton Hall on Friday 27th January to share insights into current challenges and opportunities.
The discussion kicked off with an insightful session from Clarion’s Matthew Hattersley to sort the myth from the chaff: yes, the General Data Protection Regulation (GDPR) WILL be implemented regardless of Brexit, and no organisation is immune.
Whilst our rights as individuals are more secure and controlled under GDPR, there are more consequences for organisations that do not ensure the new regulations are applied. For example, it becomes a requirement that EXPLICIT consent is gained for the storage and use of someone’s personal data, including their contact details, replacing the current practice of offering opt-out mechanisms. Significantly, this consent must also be specific and freely given. Organisations must also be able to demonstrate that they did receive consent, potentially adding another layer to managing consent in a way that stands up to scrutiny.
Despite the May 25th 2018 deadline for getting our houses in order, organisations seem to be at various stages of preparedness, from complete ignorance to appointing a task force to undertake information audits across the organisation and draw up action plans. It’s the type of issue that is keeping some people awake at night mulling over the impact, but all organisations are expected to need to change some of their processes to accommodate it.
Having an existing document management system such as mstore in place certainly provides a solid foundation for GDPR preparedness and can take the pain out of administering data-related compliance, as the ability to sort, search and track documentation containing personal data is already in place. Arena’s software development team are already working on an easy-to-execute bolt-on that integrates with existing platforms, including customer relationship management (CRM) systems. The user group discussions, along with other research work, have served to inform the design of this new functionality.
Any increase in Subject Access Requests, as the £10 charge is removed and awareness of rights around data protection grows, can also be accommodated to provide greater automation and responsiveness, even if mention of the individual is contained in a mix of records. Individuals’ right to be forgotten is also likely to challenge traditional, paper-based methods of storing documentation and personal data, putting greater importance on digitised and structured ways of working that can find and demonstrate removal of personal data.
Changes also include an increase in potential fines for non-compliance, including poor administration or failure to secure and prove proper consent for the use of personal data, and the need to publicise failures, impacting on budgets and reputations. Organisations can no longer afford to disregard vulnerabilities in how they operate and manage data and documentation.
Now, more than ever, is the opportunity to prioritise a review of workflows and make a strong business case to your organisation for moving away from ineffective, paper-based processes towards more productive and compliant workflows, which can also facilitate the organisation’s ability to address GDPR changes, take the pain out of ensuring rigorous information governance and avoid the potential cost of non-compliance.
For more information on GDPR and how to be prepared, visit the Information Commissioner’s Office, which is responsible for enforcing data protection regulations and publishes regular updates and guidance on GDPR: https://ico.org.uk/for-organisations/data-protection-reform/guidance-what-to-expect-and-when/