What is GDPR?
The EU's General Data Protection Regulation (GDPR) will bring data protection legislation up to date with the way data is now used and stored by organisations and is an update on the current Data Protection Act 1998. It applies to any identifiable personal data that an organisation holds on its employees, customers or other stakeholders. GDPR actually came into force in 2016 but will become law and apply in all EU member states from 25 May 2018. There are heavy fines for non-compliance, of up to €20m, or 4% of global annual turnover for the preceding financial year.
Whilst the majority of businesses are now aware of GDPR, far fewer have a strategy in place to tackle the new law, either for existing data that the organisation holds or on an ongoing basis. The first step would be to run an audit of what personal data you are holding across your entire network.
Determine your risk
Understanding what data your organisation holds is critical for determining the size of the risk and the complexity of the task to become GDPR compliant. The task of controlling and protecting data is made more difficult by the fact that personal information is often stored in a wide range of different places and by different people, sometimes referred to as ‘information silos’.
Areas that you will need to understand include:
- How complex is our organisational structure - different divisions, operating units, departments, groups with different roles etc.?
- How much data is each of these processing and what is the data used for?
- Was the necessary consent obtained from the individual and can consent be easily proved?
- Where is personal data currently stored, and is it protected adequately?
- How many vendors and stakeholders are processing data on behalf of your organisation?
By assessing current personal data storage and processing arrangements, companies can determine the additional steps required to stay compliant when GDPR comes into force.
Understand your data
EBC Group, working in partnership with M-Files and FileFacets, can provide an analysis tool that will run a report to enable you to understand what data is held within the organisation, including by different departments, individuals and applications. It will provide you with reports and real-time dashboards showing what information is held, what is classified as personal data, what that data actually is and what is no longer being used.
Once you have this analysis you can then put a strategy in place to ensure you’re compliant with GDPR. This may include moving data that is required into an EIM system that monitors its usage, and setting up automatic workflows that can remove data once it's no longer being used.
M-Files helps with GDPR
A critical aspect of GDPR compliance will be that a company can quickly and easily demonstrate the steps they have taken towards meeting GDPR requirements. They need to be able to provide this information and supporting documentation to auditors if required.
The M-Files Enterprise Information Management (EIM) solution simplifies GDPR compliance by helping organisations manage and control system information and data policies and processes. In the event of an audit or breach, it provides excellent auditing capabilities. M-Files makes this fast and easy with powerful audit and reporting capabilities that allow companies to efficiently produce the documentation and other information necessary to respond to compliance requests.
M-Files is a highly scalable and flexible information management solution that enables organisations to better manage personal data and Personally Identifiable Information (PII) by controlling and tracking such information, including that handled by third-party systems.
M-Files easily integrates with an organisation's existing systems and repositories in a manner where the data remains in place, in its original location, without disturbing existing systems and processes. This enables companies to continue to leverage their legacy systems while adding the powerful information management functionality needed to protect personal information and adhere to GDPR.
A single viewpoint of all your organisation's data
M-Files is a proven, high-performing tool for compliance management, so it fits perfectly into managing GDPR requirements. It provides a single viewpoint to all the critical information across your organisation, wherever it is stored, in a way that is easy to find, analyse, control and audit. It can easily view and access data across the organisation without the need to move the original data, which makes implementing it simple.
Automatic organisational changes
M-Files enables control of security, confidentiality and other standard operating procedures and related teaching requirements. With Active Directory integration, organisational changes are automatically applied to individual users as they change their roles and tasks. Learning rules can be as granular as necessary, from company-wide to team-specific.
Integrated with databases and document repositories
Risks identified anywhere, related to any item (for example a system, a review or other task that is missing or delayed, or a finding from an audit), can be easily followed and controlled. M-Files can also be integrated with all databases and document repositories (shared folders, SharePoint etc.) to efficiently discover and govern personal data.
Integrate and access without the need to move data
M-Files easily integrates with an organisation's existing systems and repositories in a manner where the data remains in place, in its original location, without disturbing existing systems and processes. This enables companies to continue to use their existing systems while adding the powerful information management functionality needed to protect personal information and adhere to GDPR.