Our experts

GDPR: how EDM and ECM contribute to your compliance

Implemented on 25 May 2018, the GDPR, a general regulation on data protection, applies to all organisations that collect, process and store personal data relating to residents of the European Union, in order to strengthen the rights of individuals. But do not panic, your EDM has already planned everything (or almost), and can even help you optimise the lifecycle management of this data.

The General Data Protection Regulation, or GDPR, is based on a simple principle: to strengthen the rights of individuals to their personal data that is collected and manipulated by organisations. In doing this, It imposes on them some complementary obligations. If they are not respected, the sanctions can be significant: administrative fines of up to 20 million euros or 4% of the global annual turnover are foreseen, to which can be added damages for detriment incurred. The respect of these obligations, meanwhile, can induce constraints that are at the same time technical, organizational and professional…

But it is also an opportunity to transform the approach to the management of the data life cycle, so why not use this opportunity to stand out from competition. What’s better than the EDM (electronic document management), and more generally the ECM (including the functions of acquisition of information and incoming documents and management of business processes) to assist you in this process?

 

Compliance with the GDPR

Being and remaining in compliance with the GDPR can be a difficult task, whether for the small organisations that rarely have the technical and human resources to map all the data handled in their IT systems, or for multinationals that manage ever-increasing volumes of data in an ever-changing IT architecture, or for medium-sized structures. All of them are confronted with the management of exponentially growing volumes of information, often scattered but useful for many IT components in their day-to-day activities. Such a mapping allows not only to categorise the data (banking, health, biometric, social security number …), to identify the purpose for which it is collected, the personnel (internal or external) who treat it, as well as its flows and possible transfer. Also there is certain data that, according to the new European regulation, must be quickly accessible so that each individual can have it rectified, removed (right to forget) or have it transferred (right to portability).

What are the contributions of EDM and ECM solutions in this new regulatory context?

 

EDM will consolidate documentary information into a single repository

One of the recommendations for a successful GDPR compliance is to create a single platform for gathering all the data. This platform guarantees a 360 ° vision and a mastery of data flows.

EDM solutions make it possible to consolidate documentary information into a single, secure repository in which users instantly access information that is continuously up to date. But then how to handle data relating to individuals? How to allow for the right to forgetting data? How to make sure that personal data are no longer accessible at the request of the owner?

All this work, which the GDPR imposes, is already integrated into the software of EDM.
Functions, generally available by simple parameterisation, make it possible to take mass processing on the stored data (update, anonymisation, export, deletion …).

In addition, EDM makes it possible to manage the information lifecycle. For example, it is possible to configure the solutions to allow the manipulation of the essential personal data, temporarily, for processing purposes (workflow, case management …) and, once the processing is completed, to purge the personal information that is no longer useful to keep.

What the GDPR, the EDM, and more generally the ECM solutions, already propose …

 

EDM for organising and piloting internal processes

In addition to document management offered by the EDM, the ECM foundations can broadly have decisive advantages and even take a central character in compliance efforts.

Dematerialization solutions, thanks to their digital recognition systems, optical character recognition (OCR), reading and automatic document recognition (LAD and RAD), are ideal solutions for an automatic data exploitation, which can feed not only a documentary repository, but also professional repositories and applications. They can be a central point of entry into data acquisition, easier to control and audit.

Once this information has been acquired, its use and processing can be controlled by processes implemented in a workflow or case management solution, guaranteeing compliance with the processes defined by the company and the traceability of the treatments taken.

These same solutions offer identical benefits when they control all processing related to the processing of requests from people, whether it is the right of rectification, the right to be forgotten or the right to portability.

 

EDM for proving compliance with the GPRD

The EDM is therefore a strategic tool because it allows both to keep the data, to provide traceability on their use, to control the processes related to their processing, all in a secure way.

Being able to prove compliance with the GPRD is essential to escape very heavy administrative fines.

As a result, EDM offers an ideal solution for optimising data lifecycle management – streamlining operations, eliminating unnecessary data, and limiting processing to critical information.

The GPRD does not appear as a revolution or a matter of concern for publishers and integrators of EDM . That customers are reassured: it is rather a simple reminder of good practices when a company handles and archives data.

Etienne Jouvin

Etienne Jouvin

Position: Practice leader

Expertise: Documentum / Java / Alfresco / Nuxeo

Entry date: 2008

Age: 42 years old

Hobbies/Interests: running and hiking in the mountains