While companies around the world, including those in the United States, are grappling with how to handle the new General Data Protection Regulation (GDPR), which governs the use of European Union residents’ personal data, it may be helpful to view the regulation in the context of today’s business priorities.
Recent Keypoint Intelligence-InfoTrends research shows that U.S. companies are most likely to say that improving document security is a top business priority. As company size increases, this is more likely to be the number one goal.
[Figure: responses to the survey question “Which of the following are business priorities for your organization for the next three years? Please select the top 3.” Source: Keypoint Intelligence-InfoTrends]
The emphasis on document security has a direct relationship to GDPR compliance. When companies ensure that their documents are adequately protected, through features like data transmission encryption and password-protected PDFs, they can help protect the privacy of customer information—the key tenet of GDPR. Network-connected devices like computers and printers, as well as software for tasks like document management, must also be adequately safeguarded.
Digging deeper into GDPR’s requirements, the regulation forces companies handling personal data on European Union residents to develop their systems and services with data privacy as a guiding force rather than as an afterthought. Companies should also regularly test the security of implemented processes and, in some cases, name a data protection officer to handle interactions with European Data Protection Authorities (DPAs).
Another component of GDPR is the need for customer/user consent prior to processing that individual’s personal information. Furthermore, consent must be given for a specific use of the information rather than for general information use; individuals can obtain information on how their data is being used; and people have the right to withdraw consent at any time. Should organizations not adhere to these and other GDPR requirements, they may be fined up to 4% of annual global revenue or €20 million, whichever is greater.
Summary
GDPR is a new regulation that governs the processing of personal data on European Union residents. The good news for organizations handling this kind of information is that the regulation largely aligns with the top business priority of many companies: improving document security.
By continuing to ensure top-notch security for documents, the data contained within documents, and the devices through which documents pass, companies are well on their way to achieving GDPR compliance. That said, other elements of GDPR like user consent and data breach communications must be incorporated into GDPR strategies.