GDPR

GDPR Compliant Data Retrieval Software

What is EU General Data Protection Regulation (more commonly referred to as GDPR)?

Companies that collect data on citizens in European Union (EU) countries will need to comply with strict new rules around protecting customer data by May 25 2018.

 The General Data Protection Regulation (GDPR) is expected to set a new standard for consumer rights regarding their data.

GDPR requires companies to know what personal data it holds, why and where it is held, how it is used, who can access it, who has used it and how to deal efficiently with a data breach –

What that means in terms of all types of document archive storage is – 

  1. Do not store and retain more than you’re allowed (or required) to.
  2. Only store it for as long as you’re allowed (or required) to.
  3. Make sure to store the data appropriately, and in line with local requirements.
  4. Have a built in audit process.

So where are your documents?

Who has access to them, and is that a controlled and audited environment?

The days of retaining documents in filing cabinets and box storage archives, having multiple copies in different department’s cabinets are gone, or should be. Placing documents in network shares, and hoping they are not duplicated, deleted or accessed by the unauthorised person, also represents a difficulty, when considering GDPR. Online shares like Dropbox, whilst very flexible, also represent a danger as documents can be easily synchronized (i.e. copied) to a PCs, and/or Mobile Devices.

The use of technology alone will not ensure compliance with the new legislation, but a good Document Management – Archive and Retrieval service. EDM–online.com will play a key role for organisations in the areas for GDPR and document, information compliance.

Requirements imposed by GDPR Supporting EDM-online.com functionality
The right to be forgotten The ability to find and delete documents, and the ability to find documents by document retention dates, and bulk delete. All deletes are Audited.
The right of access The ability to search for relevant documents, and make them available, if requested.
Breach notification standards Fully audited system, including logins (login attempts) and document access.
Privacy by design Secure login access for authorised users only, by document type. Documents are not indexed by search engines such as Google. They can only be found by authorised users with access to
The right to data portability Data exported as csv, Documents exported as PDF(Industry standards) (If requested, and this is logged for audit)
Adding editing meta-data Ability to edit, or delete, metadata
Completion and amendment of personal data, where data has been incorrectly stated. EDM-online.com allows for the accomplishment and revision of personal data, where such data is incorrectly stated.

As a user of EDM-online.com you have the ability to store  documents in a highly secure and structured indexed manner,  including a scan date, in addition to any index data (Searchable index ) that you have had applied to the documents.  This makes it easier to identify those documents that you should no longer be retaining, both now, and as you move forward.

The following is a more detailed explanation included in the functionality that allows EDM-online.com to put you in control of your stored documents.

  1. Search on indexed data. Search for documents based on their scan date, so for example, find all documents scanned before 2012. You can also search on any indexed date, or date range (you may want to consider adding a retention date to your index requirements going forward.)
  2. The ability to bulk delete all of the documents in a resultant search, after being presented with a warning (With an OK or Cancel option), that includes the count of documents, and only if you have the appropriate permissions to action a delete. If you don’t have delete permissions you can mark all for GDPR review.
  3. The ability in the document display screen to action a delete document, i.e. whilst you are reviewing a document, and only if you have the appropriate permissions for delete.
  4. The ability to mark a document for GDPR review, if you do not have permissions to delete, but suspect the document should no longer be retained. This GDPR review list will be available to all those that have permissions to access the document type, and have delete permissions.
  5. The ability to delete one, or more pages, in a document, such as a HR file where you might be required or allowed, to keep certain pages of information, but required to delete other pages.
  6. The ability to edit an index record, either to correct an index error, or because you are no longer required, or allowed, to keep part of the associated data.
  7. All actions comprehensively audited, Action, Date Time, User and IP address.
  8. Subject Access Requests (SAR) with legacy data converted into digital formats, SAR can be satisfied well within the 30 day timescale imposed by GDPR, this will be particularly helpful, given that the £10 charge (which the previous 1998 DPA allowed to help fund SAR) has now been removed.

Use EDM-online.com to stay in Control of Your Documents.

EDM-online.com is an advanced and compliant tool enabling the support of archiving and management of documents, regardless of your business profile. This is achieved by keeping personal data in a protected environment, making the data easily accessible and organising them in such way so that their retrieval and processing is as straight forward as possible. Placed within a web browser window.
EDM-online.com has the ability to store files created electronically as well as scanned images of paper based documents.

Everything under Control.

If for any reason you forget to Log Out, some browsers will time out. We are working on a time out mode so that time out will be a configurable option for administration.  EDM-online.com digital document management software can only be accessed via your Internet browser, using a secure SSL/TLS connection (HTTPS) via a minimal length password protected account. Giving your company complete control over what each user can see, edit, add or remove from the system. An ability to view and audit who has logged in and used the system.

The Correct and Compliant Location for All Your Digital Files.

EDM-online.com is not just another online box where you only have the options to add or remove your files, as you would to any other folder on a drive. Documents in EDM-online.com digital document management software are organised in user-defined profiles, each defined by a custom set of meta-data. Finding a single record will be faster than ever.