FileDirector and how it helps comply with GDPR!
What is GDPR?
GDPR is the General Data Protection Regulation, a regulation that requires businesses to protect the personal data and privacy of EU citizens for transactions that occurs within EU member states and Non-compliance could cost companies dearly. It standardises data protection laws across all 28 EU countries and imposes strict new rules on controlling and processing personally identifiable information (PII), it also extends the protection of personal data and data protection rights by giving control back to EU residents.
Who does the GDPR apply to?
The GDPR applies to ‘controllers’ and ‘processors’. The definitions are broadly the same as under the DPA –the controller says how and why personal data is processed and the processor acts on the controller’s behalf. If you are a processor, the GDPR places specific legal obligations on you; for example, you are required to maintain records of personal data and processing activities. You will have significantly more legal liability if you are responsible for a breach. However, if you are a controller, you are not relieved of your obligations where a processor is involved, the GDPR places further obligations on you to ensure your contracts with processors comply with GDPR. The GDPR applies to processing carried out by organisations operating within the EU. It also applies to organisations outside the EU that offer foods or services to individuals in the EU.
What information does the GDPR apply to?
The GDPR’s definition is more detailed than the DPA and makes it clear that information such as an online identifier (e.g. an IP address) can be personal data. A wide range of personal identifiers to constitute personal data, reflecting changes in technology and the way organisations collect information about people.
-Basic identity information such as name, address, email address and ID numbers
-Web data such as location, IP address, cookie data and RFID tags
-Profiling and analytics data
Sensitive personal data:
GDPR refers to sensitive personal data as “special categories of personal data” these categories are broadly the same as those in the DPA, but there are some minor changes. For example, the special categories specially include genetic data, and biometric data where processed to uniquely identify an individual.
-Health and genetic data
-Trade union membership
-Biometric data (facial recognition, fingerprint)
-Racial or ethnic data
FileDirector is the future for the administration, and distribution of information, because it decreases considerably the time taken to manage and access all of the information within an organisation, allowing you to become more efficient and productive, whilst reducing costs. The definitive in Enterprise Document Management.
Security in any document management solution is vital, therefore FileDirector lets you have complete control over document access, activity auditing, revision control, retention control, and automatic storage of documents and emails.
Capturing information is easy in FileDirector. With support for thousands of scanning and digital input devices, and with predefined Scan Profiles, scanning has never been simpler. FileDirector’s Microsoft Office Integration takes just a click of the mouse to capture documents, spreadsheets and emails.
Classifying documents can be done manually, or taken from the documents themselves by zoned OCR, full text OCR or barcode reading. Index data can be imported from other databases or files, or values can be automatically applied when importing or capturing documents.
-Built-in control of ISIS & Twain scanners
-Windows client or web browser access
-Integration with the windows desktop & MS office apps
-Audit train, version control, and document control, and document history
-“print” documents in from any application like sage
-Create custom document exception reports
Retrieving documents is a simple task. Type in what you are looking for into the index fields and you’ll get a list of documents back, which you can then view. Or use the full text search option to find documents that contain the word or phrase you want to look for. Viewing documents cannot be more straightforward. Just double-click on the document record and it will be opened. FileDirector supports over 200 different file formats. You can easily page through, view thumbnails of it, and look at any previous versions of it, if it has been revised. You can also open and look at several documents at once.
Process management allows you to send documents to users via a set of predefined steps, where each user or users must perform specific tasks, such as commenting or approving a document. An ideal tool for applications such as invoice processing.
FileDirector supports up to 128 servers working in unison and can cater for thousands of users, whether in the same office, town, country, or spread worldwide. It’s unlikely you will outgrow FileDirector. Storage is not a problem with FileDirector. Working with Microsoft SQL or Oracle, it supports multiple document storage schemes, and can easily handle millions of records and documents.
-Centralise important business information
-Secure your documents and share only with approved users
-Capture information from scanned documents
-Create custom approval workflows
-Make documents accessible to customers
-Automatic audit trail
-Accessibility and security
-Improved customer service
How FileDirector helps comply with GDPR:
Using a document management system (DMS) can help with GDPR compliance. A Document management system stores, manages and tracks electronic documents and electronic images of paper-based information captured through the use of a document scanner (our sister company Scanner Superstore sells scanners such as Canon and Brother, click here to view the range of scanners we offer). DMS ultimately controls and organises documents throughout an organisation. One of our most popular DMS is FileDirector. FileDirector is the future for the administration, and distribution of information, because it decreases considerably the time taken to manage and access all of the information within an organisation, allowing you to become more efficient and productive, whilst reducing costs. Security in any document management solution is vital, therefore FileDirector lets you have complete control over document access, activity auditing, revision control, retention control, and automatic storage of documents and emails.
When it comes to fulfilling a subject access request under GDPR FileDirector has a build in web interface which allows documents to be shared securely through an online portal. This can be placed on a company website and accessing the required documents would be a case of sharing a one-time use login with the person making the request and uploading their documents for them to access. When fulfilling a subject access request under GDPR the documents could be sent by post and email however this is less secure, more costly and is not a good long term solution for sharing thousands of documents.
The right of access – under the GDPR, individuals will have the right to obtain access to their personal data, so that they are aware of and can verify the lawfulness of the processing. The information provided to the individual making the request must be done using “reasonable means” and within one month of request. Compliance without the use of appropriate technology, such as a DMS may prove difficult. By using a document management system such as FileDirector, information stored together in one setting is accessed quickly and easily and can efficiently be sent to the individual requesting ‘the right of Access’ within the set timescale. All user actions within FileDirector have audit trails, recycle bins and can be included in system-wide searched and documents cannot be accidentally deleted; providing confidence that all the right data is located and can easily be passed on. At the point of scanning, key index fields can be collected from a document, information such as order numbers and dates as well as personal information such as D.O.B, names and addresses can all be indexed to allow easy but secure access to customer documents. FileDirector makes this easy by allowing hundreds of documents to be complied through simple use of index fields which can then be sent to the person making the request.
Privacy by design – privacy by design is an approach that promotes privacy and data protection. Data controllers must put technical and organisational measures such as pseudonymisation (the separation of data from direct identifiers so that linkage to an identity is not possible without additional information that is held separately) in place – to minimise personal data processing. Using FileDirector can help ensure everyone is working in the same manner and to the same procedures and can also show strong compliance by evidencing all communications and involvement with a client as well as controlling who has access to what data e.g. clear audit trails. Strict privacy controls govern who has access to what data, with configurable permissions to control what data users can access and what they can do with it. Should the regulator require evidence, a DMS can easily aid with this; showing that steps have been taken to ensure compliance. FileDirector allows you to assign individual users or departments into groups giving them permissions to view or edit certain documents.
Breach notification standards – the GDPR will introduce a duty on all organisations to report certain types of data breaches to the relevant supervisory authority, and in some cases to the individuals affected within 72 hours of becoming aware of the breach. In the unlikely event any breach of data should occur, this can be identified and reported immediately using a DMS such as FileDirector; something that is nearly impossible to do when dealing with paper documentation in various locations. FileDirector, can help streamline investigations with its revision and access control features allowing you to monitor who has accessed documents and what changes have been made. With GDPR also stressing privacy, a document management system can ensure data is not accessed mistakenly and is stored in a secure manner, where the loss, damage and even theft that paperwork could be subjected to is eliminated.
To find out more, please contact us or call us on 01785 785 650 to chat to one of our experts.