‘There has been a 160 per cent rise in data breach com­plaints fol­low­ing GDPR’

Yorkshire Post - Business - - FRONT PAGE - Luke God­frey

Now we are com­pli­ant in a post-GDPR world, what hap­pens next? What hap­pens if some­one asks to see all of their per­sonal data that you hold? Can you de­liver the goods? It goes with­out say­ing that there’s a huge el­e­ment of com­pli­ance re­quired when it comes to GDPR, fol­low­ing its in­tro­duc­tion on May 25.

Ac­cord­ing to the lat­est sta­tis­tics, there has been a 160 per cent rise in data breach com­plaints fol­low­ing GDPR.

Polic­ing GDPR is, ad­mit­tedly, go­ing to be dif­fi­cult and al­though most com­pa­nies are now com­pli­ant, re­main­ing com­pli­ant is still a chal­lenge for many or­gan­i­sa­tions. As a re­sult, busi­nesses re­quire ef­fi­cient meth­ods to do this.

As an or­gan­i­sa­tion, you don’t want to be hit by a GDPR fine.

Set at four per cent of your global turnover or €20m, it could have dev­as­tat­ing im­pli­ca­tions on a busi­ness.

GDPR presents a ques­tion over ef­fi­ciency too. If some­one re­quests ac­cess to their per­sonal data, busi­nesses are re­quired to pull every­thing to­gether within 30 days and, if there’s a data breach, busi­nesses must in­form the ICO of the breach within 72 hours. So, time is of the essence.

When some­one re­quests a copy of their per­sonal data that is held by a com­pany, it is re­ferred to as a Sub­ject Ac­cess Re­quest (SAR) and it’s cru­cial that all busi­nesses are aware of what this en­tails, and have pro­cesses in place to quickly deal with the re­quest. SARs were pre­vi­ously charge­able, how­ever, in the ma­jor­ity of cases it is now free and has to be com­pleted within a month, or it could lead to a hefty fine.

A num­ber of com­pa­nies have re­ported an in­crease in SARs since the in­tro­duc­tion of GDPR. As you can imag­ine, this can be­come very time-con­sum­ing for an or­gan­i­sa­tion to col­late all the nec­es­sary in­for­ma­tion, es­pe­cially larger or­gan­i­sa­tions when this is mul­ti­plied by hun­dreds of cus­tomers with doc­u­ments in mul­ti­ple lo­ca­tions. Imag­ine all those hun­dreds of thou­sands of doc­u­ments to trawl through – it would be a very time­con­sum­ing task, es­pe­cially if you are hit with nu­mer­ous SARs in one go.

So what pro­cesses can busi­nesses put in place to en­sure SARs are re­sponded to ef­fi­ciently and timely?

One so­lu­tion is us­ing a se­cure doc­u­ment repos­i­tory. Sim­ply put, a se­cure doc­u­ment repos­i­tory en­ables or­gan­i­sa­tions to store all their doc­u­ments in one se­cure lo­ca­tion, en­abling doc­u­ments to be quickly lo­cated.

With all doc­u­ments stored in one se­cure en­vi­ron­ment, or­gan­i­sa­tions can quickly ac­cess records and per­form de­tailed searches, re­view­ing all the in­for­ma­tion held on that per­son. This can then be down­loaded and col­lated to be pre­sented back to the cus­tomer in the most ef­fi­cient way.

The ben­e­fits of this kind of sys­tem in­clude sav­ing sig­nif­i­cant amounts of time, re­source and costs as po­ten­tially one per­son is able to quickly col­late all the in­for­ma­tion. The sys­tem can also give busi­nesses the con­fi­dence that all the re­quired doc­u­ments have been lo­cated.

Many doc­u­ment repos­i­to­ries can store nu­mer­ous types of doc­u­ments long term, from dig­i­tal doc­u­ments to im­ages and scanned let­ters. Th­ese are all in­dexed for quick re­trieval in the event of a SAR or equally for every­day busi­ness use.

Busi­ness rules can also be built in to en­sure that cer­tain in­for­ma­tion is only stored for the time it is re­quired and then se­curely de­stroyed when ap­pro­pri­ate, an­other GDPR re­quire­ment. Al­though you’ve got over the hur­dle of be­ing GDPR com­pli­ant, it doesn’t stop there. By en­sur­ing your data is stored ef­fi­ciently and se­curely means you are one step ahead if you do get any SAR re­quests and are not caught off


Newspapers in English

Newspapers from UK

© PressReader. All rights reserved.