How to ensure overall GDPR compliancy in ECM systems
On August the 30th 2018, Turnpikes hosted their first General Data Protection Regulation (GDPR) event. It took place in Skofabriken in Södermalm, Stockholm and was an overall successful day. It included, among other things, great client and partner discussions and a presentation from Turnpikes about the upcoming GDPR. The focus of the presentation was how companies could use existing applications to ensure their unstructured data was compliant with GDPR. It also included information on how Turnpikes, with tools such as Microsoft Power BI, can help clients analyze and visualize their content. By incorporating data visualization, it allows the company to focus on the high-volume, high-risk data while easily identifying where personal data is stored.
The day started with a presentation from Phil Poulten on the general requirements that come with GDPR, including the history of data protection within the European Union and the future schedule for GDPR.
The attendees were made aware of the substantial fines that accompany data breaches but also the opportunities of how to improve data privacy and protection. The 7 Guiding Principles of GDPR was introduced and it explained in relation to ensuring overall compliancy in ECM systems and improved information management.
The morning session then moved on to a discussion with the participants sharing their experiences with GDPR. The discussion also covered the current level of readiness that they see within their own companies and within the companies they work with. Subjects such as the rights of employees under GDPR, as well as storage limitation, accuracy, data minimization and accountability were all debated. It became clear that most companies attending were within the bracket of the 48% of companies surveyed in April 2017. Meaning they were ’On the Right Track’.
After an enjoyable lunch, the afternoon kicked off with data visualization and analysis. The ability of a company to readily identify unstructured data containing personal information will be paramount in meeting the GDPR Subject Access Requests within the 30-day time limit. Ilja Ziegler demonstrate our Reporting and Analytics solution for OpenText Content Server and how it would allow companies to quickly and easily identify high risk data types within their ECM system and target their GDPR strategy to ensure compliancy for these areas. The presentation also showed how Reporting and Analytics can be used across ECM and other systems, such as StreamServe, to increase efficiency in processing and improve system adoption and effective use.
The day finished with a presentation of the foundations required for GDPR compliancy. A simplified roadmap was described including essential steps to ensure compliancy, such as, Process Mapping and Modelling, Technical and Organizational Analysis, and Implementation and Integration of the processes, policies, and system to support compliancy. The session touched on the requirements for Data Protection Officers before moving into detail regarding Security by Design including a live demonstration on how Records Management can be used to meet Storage Limitation requirements and Security by Default recommendations.
The day was an immense success with clients highlighting the 7 Guiding Principles of GDPR and the Turnpikes expertise in Reporting and Analytics as key ‘take-aways’ from the event. We look forward to the next opportunity where we can share our knowledge with our clients and partners.
If you are interested in knowing more about GDPR, Information Management or Reporting and Analytics, or if you would like to attend the next event/workshop, do not hesitate to contact Turnpikes here.