As most businesses will be aware, the 25th May 2018 saw the introduction of the new GDPR rules across the EU, replacing the Data Protection Act in place within the UK. Designed to protect consumers and their data, the new rules are likely to impact most businesses operating within the UK, restricting them and affecting the way that they operate as a whole.
The GDPR rules cover provisions for paper documents, meaning that anybody working with paper documents that hold sensitive data will have to ensure that they comply. As you may not fully understand the rules or may not be aware of what is required of you, we have created a list of things that you need to consider to be sure to comply with GDPR.
Managing Documents and their Retention Periods
Documents have retention periods that determine how long you should keep hold of the documents, with GDPR stipulating rules relating to the way that they are stored, how they are destroyed, and more. Although it is likely to be a long and complex task, you should make sure that you comply with the new GDPR rules about retention periods, document shredding, and the management of your documents, if you haven’t done so already.
A common way that businesses have chosen to do this is to turn their paper documents into digital copies and manage them by using an online management system. By digitizing your documents, you will be able to have instant access to the documents and you will be able to manage them in a much better way.
Locating Data and Private Documents
To comply with GDPR, you need to be sure that you can find the documents, especially as the new rules are stricter than before. The right to be forgotten is a big part of the new rules, with consumers able to ask for their information to be deleted or removed from your possession. With this in mind, you do need to be sure that you can easily locate and retrieve all of your documents. To comply with this, you should have an effective system in place for tracking the documents or at least be able to find them easily.
It is very easy for documents to be duplicated, and so you may be completely unaware of how many copies you have of different documents. Not only does this mean that the data that you use could be lost and could get into the wrong hands, but it also means that you won’t be able to fully comply with GDPR.
Keeping the Data Private
All documents and data must be kept private as part of GDPR, throughout all stages of using the documents. Whenever creating, storing, managing, or destroying documents, you need to be sure that the data is kept private. Once again, you should put processes and regulations into place that ensure data is kept private, and review the current processes and activities that the business operates with.