How to Make Your Company Content GDPR Compliant

Compliant with EU GDPR
GDPR (General Data Protection Regulation) is a set of European rules and standards related to privacy and data governance.It applies both to European companies and to any company doing business in Europe or doing business with European clients.The regulation requires positive consent from customers and gives them new portability powers to control the transfer of their own information - and sets significant penalties for non-compliance.

Why GDPR matters

GDPR is a European law that came into effect in May 2018.Unlike the previous EU Data Privacy Directive, GDPR is an EU regulation.Unlike Directives, governments are not required to pass enabling legislation.GDPR is actually a European law.It overrides national law and all previous EU directives.

What you need to know about GDPR
1. High fines
Penalties for violations are significant.Fines of up to EUR 20 million or 4% of total global turnover in the previous financial year, whichever is higher.

2. Explicit customer consent
For the data collected and the purpose for which the data is used, valid consent must be clearly expressed.Additionally, you must be able to demonstrate "consent" (opt-in) and be able to withdraw consent.

3. Compliance outside the EU
The old disclaimer for non-European companies no longer applies.Non-European companies used "safe harbor" clauses to comply with the original data protection regulations, but this was overturned by the European Court of Justice in 2015.

4. Personal data can be anything
Managing unstructured information and documents is key to compliance.The European Community defines personal data as any information relating to an individual, whether private or professional.Names, addresses, photos, email addresses, bank details, posts on social networking sites, medical information or IP addresses are all valid.

5. Paper documents also count
GDPR applies to the processing of personal data in whole or in part by automated means.It also applies to processing that is not carried out by automated means that form part of the filing system.In other words: paper documents.

6. Extended Chain of Responsibility
If a cloud service provider or document processing outsourcer stores or processes personally identifiable information on your behalf, you are responsible for the outsourcer's data governance practices.

How DocuWare can help meet GDPR compliance
No single technology can meet all GDPR requirements, and businesses must adopt a comprehensive information management strategy.Document management and workflow automation can play a key role.DocuWare provides document management and workflow automation systems that help you comply with all document-based processes.

With DocuWare, your company can:
Find and access personal data stored in and processed with your documents
Export, correct and delete personal data(For example, erasing data helps to comply with the new "right to be forgotten" clause)
Ensure personal data is protected and will not be further processed

More about GDPR and Compliance Solutions
A vital cornerstone of GDPR and DocuWare solutions to help you comply
Document management solution providers such as DocuWareHelps ensure compliance with GDPR.Emails, contracts and other documents containing personally identifiable information are considered personal data and must be archived, managed, secured and controlled.

“In many ways, the EU is leading a fundamental reform of privacy protections to align them with the realities of digital commerce. Resisting the development of digital commerce could be futile and counterproductive.”