A new regulation set to take effect in May of 2018 will change the way organizations manage data related to European Union (EU) citizens. The General Data Protection Regulation (GDPR) that was passed last year will replace the Data Protection Directive and aims to protect EU citizens’ personally identifiable information (PII).
The GDPR applies not only to businesses based in the EU but also to companies that collect the PII of EU citizens, regardless of location. If an organization doesn’t take the steps necessary to protect personal data, it could be looking at a fine of up to €20 million or 4 percent of annual revenue, whichever amount is larger, according to CMS Wire.
The only tricky part is that the GDPR doesn’t spell out which processes or technologies companies should integrate to meet the requirements of the new law. However, CMS Wire suggests taking a look at an enterprise content management (ECM) solution that “takes advantage of metadata to enforce the security and governance required to protect customer data.”
The GDPR was “designed to harmonize data privacy laws across Europe, to protect and empower all EU citizens’ data privacy and to reshape the way organizations across the region approach data privacy,” according to the GDPR website.
Under the new regulation, citizens have better access to the personal data that companies collect and can find out how that data is used, according to CMS Wire. Businesses should start to build some type of data protection into any data collection or storage system currently in use. They should also retain only the PII that’s being used for the reason it was collected, CMS Wire reported. The regulation also requires that any company processing PII for more than 5,000 people annually appoint a data protection officer (DPO).
If an organization’s data is breached, it has to report the breach within 72 hours unless the data is encrypted.
How an ECM solution can help
Metadata can aid organizations when it comes to compliance, and when used with an ECM tool, it can help companies categorize and manage PII in accordance with the new GDPR requirements, according to CMS Wire.
If contracts and invoices contain sensitive customer information, an ECM tool can treat any file labeled as a contract or invoice as PII. It can also identify whose data is in any given file, which matters because the new regulation allows citizens to request that businesses offer an index of the PII that the company has on them.
When a file or object is labeled as a document that contains PII, an ECM solution can ensure that the proper actions are taken to handle the information, including the following, according to CMS Wire:
- Encrypt files and objects that contain PII.
- Enforce retention and deletion rules.
- Apply access control and permission management.
- Stop files and objects with PII from being transferred out of the organization.
- Track changes to PII files and provide an audit trail.
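The metadata-driven handling listed above, sketched as an added example (not code from CMS Wire or any ECM product): a document's type label decides whether it is PII, and that decision drives encryption, retention, transfer blocking, the audit trail and the per-person index. The field names, retention periods and internal domain are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from datetime import date, timedelta

# Assumed policy: document types treated as PII, with constructed retention periods.
PII_TYPES = {"contract": timedelta(days=7 * 365), "invoice": timedelta(days=6 * 365)}

@dataclass
class Document:
    doc_id: str
    doc_type: str             # metadata label, e.g. "contract"
    subjects: tuple           # people whose data the file contains
    created: date
    encrypted: bool = False
    audit: list = field(default_factory=list)   # (event, detail, outcome)

def is_pii(doc):
    return doc.doc_type in PII_TYPES

def enforce(doc, today):
    """Return the actions the policy requires for this document and audit them."""
    if not is_pii(doc):
        return []
    if today - doc.created > PII_TYPES[doc.doc_type]:
        actions = ["delete"]              # retention period has elapsed
    else:
        actions = [] if doc.encrypted else ["encrypt"]
    doc.audit.append(("enforce", today.isoformat(), ",".join(actions) or "none"))
    return actions

def may_transfer(doc, host, internal_domain="example.internal"):
    """Allow PII to move only to hosts inside the (assumed) internal domain."""
    internal = host == internal_domain or host.endswith("." + internal_domain)
    allowed = internal or not is_pii(doc)
    doc.audit.append(("transfer", host, "allow" if allowed else "block"))
    return allowed

def subject_index(docs):
    """Map each person to the PII documents that hold their data."""
    index = {}
    for doc in docs:
        if is_pii(doc):
            for person in doc.subjects:
                index.setdefault(person, []).append(doc.doc_id)
    return index

# Constructed sample repository.
DOCS = [
    Document("c-1", "contract", ("alice",), date(2017, 3, 1)),
    Document("i-7", "invoice", ("alice", "bob"), date(2010, 1, 15), encrypted=True),
    Document("m-3", "memo", ("bob",), date(2017, 6, 1)),
]
```

The memo names a person but carries no PII label, so it is neither indexed nor protected; a label-based policy is only as complete as the labeling.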
Implementing an ECM tool can help your business meet the new GDPR requirements with ease and sidestep the possible fines your organization could face.