In the 1,000 days since the European Union General Data Protection Regulation (EU GDPR) came into force, businesses of all sizes have struggled with compliance, and many have been fined. An intelligent enterprise content solution can help your business gain control over its data — your starting point for meeting the regulation’s compliance requirements more efficiently.
As private individuals, we benefit from the data privacy and data security protections offered by the EU and UK General Data Protection Regulations (GDPR). We have more certainty and confidence about how companies and public bodies store, use and protect our personal data. We also have more rights over our personal data — we can ask what data a company holds about us, ask for it to be deleted, and more.
For organisations, however, being compliant with GDPR requirements can be challenging. Inability to comply can lead to large fines, not to mention reputational damage and loss of customer trust.
In the 1,000 days since the EU GDPR came into force in May 2018, businesses large and small have been fined for non-compliance. In 2021, more than 130,000 personal data breaches were notified, and fines totalling nearly €1.1 bn for GDPR violations were issued¹. Among the organisations to be fined was Amazon, which, in July 2021, was hit with the largest GDPR fine to date — $887 million — for not obtaining proper consent from users regarding their personal data.²
Although larger companies may face higher fines, small and medium-sized companies have also been fined for non-compliance. The GDPR Enforcement Tracker provides an overview
Why is GDPR compliance challenging for companies?
To comply with GDPR, organisations must be able to respond, within given timescales, to data subject rights — requests by individuals (‘data subjects’) relating to their personal data, such as asking for it to be deleted. Organisations must also be able to meet their data protection obligations, which comprise:
- Knowing what personal data they hold, and how and why it’s being processed
- Protecting that personal data from events like unauthorised access, loss, or inadvertent destruction
- Notifying the authorities and the affected data subjects of any personal data breaches
In most organisations, storing and processing personal data about employees and customers is part of everyday work. That often adds up to a large amount of data, which translates into a critical responsibility for a data controller or processor, especially in situations such as:
- Data subject access requests from (usually former) employees or customers
- Data leaks or breaches, if personal data is stored in a non-secure repository
- Data breach notifications to data subjects
- Individual compliance, where employees are responsible for personal data they hold in their emails or work documents
Data protection: the top business challenge
28% of organisations say that data protection is their biggest business challenge.
Organisations say that the ‘new normal’ caused by the pandemic is affecting their approach to content/customer data management:
- 18% say they need to rethink customer data processing
- 34% say it’s about tightening up their security
Source: Konica Minolta & Keypoint Intelligence Survey 2022
How intelligent enterprise content solutions can support GDPR compliance
If you’re in the throes of transforming from paper to digital for information management, it’s a great opportunity to take GDPR compliance into account and get set up for it. Even if your data is already digitised, you may still be challenged to find what you need if data is held in multiple repositories, or is poorly controlled and indexed.
An enterprise content management (ECM) solution (like Konica Minolta’s M-Files) or an enterprise search solution (like our dokoniFIND) can help you streamline data management and GDPR compliance.
Solutions like these help you gain control over the data in your organisation by managing information access and monitoring all your repositories in real time to detect any personal data that shouldn’t be there. For example, credit card numbers mustn’t be stored in email systems. If an occurrence is detected, you’re made aware so you can take swift corrective action.
An ECM solution like M-Files can additionally automate the deletion of expired information.
Responding more efficiently to data subject requests
ECM and enterprise search solutions can help reduce the cost and effort of responding to data subject requests. You no longer have to take employees away from other work or require them to put in overtime.
These solutions make light work of searching through multiple data sources and file formats, automatically identifying personal data across all your data stores (both structured and unstructured sources), extracting it, and enabling you to generate customised reports in just a few clicks. Compared with manual processes, there’s little risk of unwanted data being incorrectly included, or relevant data being erroneously excluded.
Enterprise content management and search solutions also enable you to verify that any required actions with the retrieved data, such as deletion, have been completed in line with the request.
Meeting data breach notification requirements
ECM and enterprise search solutions like ours also help you more easily meet GDPR data breach notification timeframes and requirements.
If you believe your organisation has suffered a data breach, our solutions help you create reporting on all of the impacted records holding personal data for you to share with the authorities — helping you meet the mandated 72-hour notification window. In addition, you can create the required reporting for sharing with the affected data subjects without undue delay.
Turn GDPR compliance into a competitive advantage
With the right processes, workflows and supporting tools in place, you can more easily and efficiently meet GDPR obligations around storing and processing personal data, responding to data subject requests, and notifying any potential breaches.
And with increased confidence in your ability to comply with GDPR, you can present your business as a champion of personal privacy, which can help build and maintain customer trust and loyalty.
¹ https://www.complianceweek.com/regulatory-enforcement/report-gdpr-fines-surpass-1b-in-2021-breach-notifications-also-rise/31259.article#:~:text=In%202021%2C%20there%20was%20an,28%2C%20the%20report%20noted.
² https://www.techtarget.com/searchsecurity/feature/GDPR-as-we-enter-2022-Challenges-enforcement-and-fines