The GDPR policy comes into effect 25 May 2018, however a recent survey by Ernst & Young shows very few companies globally are prepared for the new legislation, and many Australian companies incorrectly believe the policy won’t affect them.

To help you prepare, we’ve compiled a list of handy tools to assist with your organisation’s GDPR compliance.

1. Ensure you can find every piece of information relating to a person.

The GDPR Article:  Article 15 gives individuals the right to access their personal data, and Article 16 provides individuals with the right to have incorrect or incomplete data corrected.

The GDPR tool:  RecordPoint, Structured Data Manager and ControlPoint

How it assists with GDPR compliance:  Often organisations have information saved across a variety of platforms including, for example, a finance system, database such as Salesforce, within emails, on computer desktops, network drives, Dropbox, SharePoint and social media. As data volumes increase, it can become challenging to find information. RecordPoint is an information management solution that works in the background to manage and index content across sources, both inside and outside the enterprise. ControlPoint provides a level of searchability that is one step further, enabling organisations to search document contents.

Has your organisation retired an application? How is that information being retained and managed? Structured Data Manager assists with this challenge.

2. Data protection.

The GDPR Article:  The GDPR requires “data protection by design and by default” as outlined in Article 25, which requires that companies, when designing information systems and processes, consider data security from the outset. Article 32 also discusses the need for “security of processing”.

The GDPR tool:   RecordPoint Records 365 or On-Premises

How it assists with GDPR compliance:  RecordPoint works in conjunction with SharePoint to assist organisations with managing information across a wide variety of platforms, so your team doesn’t have to change how and where it works. All traffic between RecordPoint and Office 365 is encrypted and the platform itself meets a whole heap of international and Australian standards including ISO 16175, ISO 15489, IS40, VERS, ANSI, Sarb0x, MoReq2010, HIPAA, NARA, 21 CFR 11, DoD 5015.2, and FIPS. RecordPoint vNext and 365 are built on Microsoft Azure with data centres certified to the highest industry standards to ensure data security.

3. Dispose of information at the right time.

The GDPR Article:  Article 5 outlines the requirement for “storage limitation” to safeguard EU citizens and their data, which is also in the best interest of organisations.

The GDPR tool:  RecordPoint Records 365 or On-Premises

How it assists with GDPR compliance:  RecordPoint utilises retention and disposal schedules to manage the lifecycle of all documents, records and information. Based on a document’s classification, at the end of its lifecycle it will follow a predetermined disposal process which can include it either being permanently disposed of, exported, reviewed or retained.

4. Maintain a record of activities.

The GDPR Article:  The policy requires that organisations “maintain a record of processing activities” and sets out a list of information to be retained in Article 30.

The GDPR tool:  RecordPoint or TRIM / Content Manager

How it assists with GDPR compliance:  RecordPoint and HPE Content Manager will assist by providing an audit trail on documents and records – i.e. which login made a change, what that change was and when that change was made.

5. Delete personal information with an audit trail.

The GDPR policy:  Article 17 gives individuals “the right to be forgotten” in certain circumstances, and to request that an organisation erase their personal data.

The GDPR tool:  RecordPoint Records 365 or On-Premises

How it assists with GDPR compliance:  If a person requests that their information be erased, RecordPoint can destroy the data in a defensible way, leaving behind a destruction certificate.

6. Ensure personal data is recorded properly.

The GDPR Article:  The entire policy touches on personal information, which has a broad definition, and can quite often be found within email communications.

The GDPR tool:  inMailX

How it assists with GDPR compliance:  Nearly every employee files emails within their mailbox, but do they get captured by your organisation’s information management tool?  InMailX integrates seamlessly with Outlook to make it easy for users to capture and file email records.

If you’d like to know more or have a demo of any of these tools, please get in touch with our team below.

Legal disclaimer: Information outlined here solely reflects the views of its editors and authors and should not be construed as legal advice. We recommend you obtain formal legal advice.