Countries across the European Union will soon be writing into law the new General Data Protection Regulations (GDPR), which, amongst other edicts, put into place financial penalties for any body that fails to protect any EU citizen’s data, with fines up to 4% of global revenue. A big deal, to say the least, for companies not taking the security, regulation and processing of their data seriously.
The EU’s move will in no way be unique in coming years, as the control, access, and protection of data and its dissemination will increasingly become regarded as a basic human right, in much the same way as we today regard access to basic utilities, such as water and power.
GDPR brings in some serious changes that have ramifications beyond the EU borders. One major change is around the much debated and often flaunted geographic scope of where data is captured and held. For the first time, the geographic scope of the data “jurisdiction” is being expanded so it affects all businesses globally, not just those operating or registered in the EU. If your company holds the personal data of an EU citizen, whether it is established in the EU or not, it must be compliant. As markets become more and more global, data is being transported across geographic lines at greater rates and GDPR aims to address this, at least at a first step. A company selling its goods to a UK citizen in the global marketplace but based in Mexico or Hong Kong or Sydney is going to have to ensure that they are also compliant. A major change and potentially game changing one.
In order to comply companies must be able to do a number of key things.
- Clearly seek and receive customer data consent
- Allow a customer to revoke that consent at any time
- Be able to “end of life” customer data
- Provide a customer with their personal data at any time in a “commonly used and machine readable format”
- Demonstrate that they have “implement[ed] appropriate technical and organizational measures…in an effective way.”
- Notification of a breach in data protection within 72 hours
- Designation of a Data Protection Officer
If a company cannot demonstrate they made a serious attempt at complying with these regulations they will be considered in breach and can be fined up to 4% of their global revenue for some of the more serious infringements like not having sufficient customer consent. At the lower end, a company is likely to be fined 2% for not having their records in order for example. Still for some companies that could be crippling. Not to mention the brand and PR implications of being fined. So for a Fortune 500 company that has a global revenue of say USD30 billion, even a lower level fine would be USD600 million. A steep price for even the most profitable company.
It is not all doom and gloom. A strong document management system or Enterprise Content Management System combined will be key in ensuring that a company can track a customer’s lifecycle from application, to consent, through customer management and on-boarding to end-of-life and so on. Being able to manage your customer data and retrieve it on-demand is becoming more and more crucial. Not only from a regulatory point of view but because customers are going to expect it.
While different territories require different standards, the global nature of data is such that companies are going to have to delivery to the highest levels of integrity. The EU’s directives are likely just the beginning and an indicator of the way other legislative bodies will proceed: data isn’t just a European requirement.
The organizations that adapt and have the agility to adopt more robust data processes across the board will be the ones who will be able to drive a more customer-centric and less costly sticking plaster approach and ultimately are less likely to end up handing over chunks of revenue to governmental bodies in fines.
With more than 30 years’ experience with some of the world’s leading company’s Laserfiche provides ECM systems more than 36,000 organizations globally and helps customers capture, manage, process, store and retrieve their customer’s information and data.
Laserfiche’s solutions will help companies comply with GDPR through a variety of methods:
- paperless workflow design and tracking
- document check-in and check-out
- automatic filing of imported documents
- searchable content
- scanning and OCR
- third-party app integration
- Retain contracts only as long as required by corporate regulations.
- Instantly find items when a vendor, auditor or third party requests information.
SEE ALSO: Laserfiche’s benefits for your business
The business benefits of saved costs, improved workflow, and clean data centralization should be enough to point any intelligent decision-maker to Laserfiche. The workflow benefits, perhaps in years past seen as happy by-products, are beginning to appear as a justifiable ROIs in their own right.