Embracing digitisation is key to GDPR compliance

The shift away from inbound paper mail, and even email these days, is a familiar story for many. The rise of automated, electronic processes, virtual call centres and cloud solutions is paving the way for new ways of working. This trend is coupled with a huge regulatory hurdle on the horizon: GDPR.

What is the General Data protection Regulation? (GDPR)

GDPR, which comes into effect on 25 May 2018, is designed to unify data privacy requirements across the European Union (EU). If you market to or process the information of EU Data Subjects (customers, end users and employees), you need to be ready to address these new requirements.

A brief overview of GDPR

In an increasingly data-driven world, the aim of GDPR is to protect all EU citizens from privacy and data breaches. Over the last few years, some of the largest global companies have disclosed security breaches, including Yahoo and Uber. The new regulation is great news for consumers but presents a complex challenge for businesses.

One of the biggest changes is to the jurisdiction of GDPR. It affects every company – regardless of size – that processes personal data of ‘Data Subjects’ residing in the EU, no matter where the company is located.

The EUGDPR.org website provides an easily-digestible overview of the main changes, but in summary:

  • Businesses must have explicit consent to use a wide variety of data
  • It is now a legal requirement for organisations to hire a data protection officer if business processes require the storage and manipulation of certain categories of data
  • ‘Privacy by Design’ is now becoming part of the official legal requirement, which states that data protection must be included from the onset of system design. This includes pseudonymisation techniques, so that data cannot be attributed to a specific data subject, and data minimisation

GDPR also includes some onerous provisions to promote accountability and governance, meaning it is even more important for organisations to demonstrate compliance. Essentially you must:

  • Implement a clear governance process with regards to the type of data and what data is managed, processed, stored, retained and deleted
  • Maintain documentation, such as data protection manuals and personal data inventories
  • Conduct data protection impact assessments
  • Deploy ‘Privacy by Design’ to ensure that privacy is embedded into any new process or product that is deployed

Are you suffering from compliance fatigue?

I worry that for many organisations, especially for SMBs, the constant need to stay on top of new compliance and regulations could lead to fatigue in dealing with the issues.

Perhaps it feels like a mountain to climb and it would be easier to just sit tight and hope everything will be OK. Well, this time, it won’t. There are some fairly hefty penalties for non-compliance, which could prove financially crippling for many businesses (up to €20 million or 4% of an organisation’s total worldwide annual turnover in the previous year).

It’s not too late to act

If your existing data processes are not up to scratch, you still have time to put the right infrastructure in place. Despite moving to online modes of delivery, such as self-service portals, virtual advisors and chatbots, which reduces the amount of paper, it is still just not possible to work in a paperless office.

Physical documents are pervasive and there are still cultural and behavioural attachments to the portability, annotation and longevity of paper as a medium.

But how can you deal with physical documents in a safe and secure way, while still meeting the new regulations?

From our experience, the three main reasons our customers approach us to digitise paper processes are to:

  • Accelerate – become quicker at what they do
  • Increase productivity
  • Reduce costs

Now, I would also include here:

  • Be compliant

With the power to digitise existing paper processes and capture, process, store and retain this data electronically from the outset, you can be GDPR compliant and reap significant operational benefits.

Take a look at the article ‘GDPR and data cleansing: the hidden threat that most of our clients overlook’ to gain a better understanding of what secure document scanning and archiving means. If you’d like to discover more about digital transformation, we recently released an infographic looking at the future of a technology-led workplace. You might be surprised by the number of people who are open to digital innovation.

Embrace digitalisation for a safe and secure future

Or perhaps you could turn this statement around and embrace GDPR as a means to get your business processes in shape for the future. Either way you look at it, you can’t sit and do nothing. What will you do next? After all, why just survive when you can thrive in a digital environment.

If you would like to learn more about securing information and ensuring compliance with new legislation, just fill out the form to the right to download your copy of our Security Solutions report.

Edward Gower-Isaac

Vice President & General Manager, Business Process Services at Ricoh Europe

Read all articles by Edward Gower-Isaac