DOCUMENT HANDLING

30 July 2018

GDPR complaint document handling

Document management solutions provide:

  • structured organisation and control of documents
  • enable search
  • provide document security, audit, versioning
  • capability to manage retention

What they are not necessarily capable of is identifying and separating personally identifiable information (PII) from everything else in each document.  

Access
Processes must be implemented to grant or remove access to PII when staff join, move within or exit the company.

Encryption  
To be compliant with GDPR, documents must remain encrypted whether stored in document management, in-transit, stored locally or when backed up for disaster recovery.

Remote Working
The use of personal equipment to store documents or public Cloud solutions create a potential exposure.

Breach Notification
If it can be proven that a document is encrypted, then the obligation to report a breach to the data subject is removed, however, the ICO must be notified within 72 hours of the breach becoming known.

Rights of the Data Subjects:

  • Right to be Informed
  • Right to Access
  • Right to Rectification
  • Right to Erasure
  • Right to Restrict Processing 
  • Right to Data Portability
  • Right to Object 
  • Rights related to automated decision making and profiling 

 

How can we help you?

To find how our friendly and knowledgeable solicitors can help you, contact us today.

Make a free enquiry - Call now - 0151 659 1070

Contact us