Document management solutions provide:
- structured organisation and control of documents
- the ability to search
- document security, audit and versioning
- the capability to manage retention
What they are not necessarily capable of is identifying and separating personally identifiable information (PII) from everything else in each document.
Data protection considerations for document management solutions
Access
Processes must be implemented to grant or remove access to PII when staff join, move within or exit the company.
Encryption
To be compliant with GDPR, documents must remain encrypted whether stored in document management, in-transit, stored locally or when backed up for disaster recovery.
Remote working
The use of personal equipment to store documents or public cloud solutions create potential exposure.
Breach notification
If it can be proven that a document is encrypted, then the obligation to report a breach to the data subject is removed, however the ICO must be notified within 72 hours of the breach becoming known.
Rights of the data subjects
- Right to be Informed
- Right to Access
- Right to Rectification
- Right to Erasure
- Right to Restrict Processing
- Right to Data Portability
- Right to Object
- Rights related to automated decision making and profiling
Contact our Data Protection and GDPR Lawyers Liverpool, Wirral, Merseyside and Across England & Wales
GDPR impacts many aspects of your business, from document handling to employing staff to dealing with other businesses. Our data protection and GDPR team are here to provide bespoke legal guidance for your business operations. For a free initial consultation with our data protection and GDPR solicitors, contact us on 0151 659 1070 or complete our online enquiry form.
