The General Data Protection Regulation (GDPR) comes into full force in May 2018. GDPR Specialist and Business Technology Consultant, Tim Hyman, has called it the most significant development in data protection that Europe has seen in over 20 years. However, as GDPR applies to any organization that holds personal data on EU citizens, the legislation will also have wide-ranging implications for non-European businesses.
GDPR can be summed up as protecting the fundamental right to privacy and ensuring that data is accurate and only kept as long as necessary according to business demands. It is essential to assure clients that your organization is taking these new requirements seriously. One of the main ways to do this is to begin GDPR preparations now.
While there are several operational challenges to address before the May 2018 deadline, two are particularly crucial: Data Subject Access Requests (DSAR) and accidental data leaks.
Challenge One: Data Subject Access Requests
The changes to data subject rights that GDPR brings with it will likely influence the volume of DSARs. Prohibiting charges for DSARs and imposing a new mandatory fast response time of one month (30 days) are expected to result in an increase in the number of requests.
Many firms that have begun GDPR preparations have found hidden or ‘dark data’ to be an early challenge when responding to a DSAR. Image-based documents like TIFFs and PDFs make up a large portion of these hidden files. As they lack the text layer that search technology relies on, they are essentially invisible. Making data discoverable enables true risk assessment and a complete DSAR response. Missing documents in a DSAR can result in costly disputes, drawn-out negotiations, and potential penalties.
The most effective solution is employing a software application that trawls through document repositories, assessing which files need to be submitted to Optical Character Recognition (OCR) technology. OCR scans image-based documents and applies a text layer, making them discoverable. contentCrawler from DocsCorp is one such product. It runs in the background 24/7 without the need for staff intervention.
DSAR responses will also involve providing a high volume of documents to the requester. A program like pdfDocs from DocsCorp automates the process of converting and assembling vast amounts of documents into a single or multi-PDF binder, which can be distributed to clients or third parties quickly and securely.
Challenge Two: Accidental Data Leaks
GDPR puts the onus on companies to prevent any leaks of personal data belonging to their clients and employees. Data leaks not only affect the data subject, they can also do irreparable harm to a professional reputation.
Data leaks can occur through hacking, though they are more commonly a result of human error, such as sending an email to the wrong person or neglecting to remove Track Changes from a document. Metadata cleaning applications, like cleanDocs from DocsCorp, are the simplest way to minimize the risk of accidental leaks.
Be sure to employ a solution that automatically cleans documents when they are sent outside of an organization via email. The prompt to ‘clean’ documents built into the email program is also an effective way to prevent users from sending an email to someone other than its intended recipient. Taking a moment to double-check and review the email will lessen the potential for accidental data leaks.
While GDPR presents its own set of challenges, it is important to be aware of how the right software solutions can lessen the associated operational burden and reduce the risk of non-compliance. Penalties for non-compliance are harsh – the maximum being 20,000,000 Euros or 4% of global revenue, whichever is higher. Taking the time now to implement the right applications and train staff will help protect your organization.