For anyone responsible for data law compliance, May 2018 was a busy month. From security stress testing, through to the cleansing of mailing lists, organisations saw a flurry of activity in preparation for the arrival of an entirely new data protection framework. The General Data Protection Regulation (GDPR) had finally been implemented.
Even if your GDPR implementation efforts ran relatively smoothly, it is important to remember that compliance is an ongoing process. For any large organisation, there is an ongoing obligation to identify potential compliance weak spots and implement measures to address them.
Highly regulated organisations are increasingly realising the benefits of a digital mailroom. The promise of simplified compliance and improved data safeguarding is a big driver of adoption. Here, we take a closer look at how a digital mailroom can help you achieve continued compliance.
Running to 99 Articles, GDPR is a lot for any enterprise to distill. But at its core, it affects organisations in three main ways:
Much of the commentary surrounding GDPR focuses on the growth of the digital marketplace. That said, nearly a quarter of UK organisations receive between 2,000 and 5,000 items of inbound mail each month. From clinical notes through to credit assessment forms, this can represent some of the most sensitive personal data processed by the organisation — exactly the type of information that the architects of GDPR are most anxious to protect.
The mailroom has traditionally been the hub for the processing of this data. It is here that significant security and privacy issues can arise. Documents routinely go astray, they are not matched with their correct files in time or at all — or they end up in the wrong hands. The upshot of this is that, from a compliance perspective — especially in light of GDPR — the mailroom represents a significant weak point.
EDM’s Digital Mailroom gets to the heart of this problem. Through it, all inbound information — both digital and physical — is subject to the same process flow. Physical documents are scanned and all information is categorised using intelligent classification software. Allocation, storage and archiving are all handled by the same system.
For GDPR compliance, this helps on two fronts:
The old regime allowed organisations to levy admin fees for data access requests. GDPR now requires that you supply this information for free in most instances — and within 30 days of the request being made.
The data relevant to such a request might include forms, contracts and communications in various formats, scattered across multiple locations. Responding to requests can be time-consuming and your compliance risk is twofold:
With a digital mailroom, all documents and communications containing personal data are fed into a single information management system. From here, they can be matched automatically to their correct file (for example, a customer record or HR file). SLAs can be applied at document level, ensuring inbound communications are prioritised in accordance with the type of enquiry and therefore processed in a timely way.
For each individual who submits an SAR, you can tell at a glance precisely what information you hold on them. What’s more, where that data exists in physical form, the integrated archiving process means you can see where it resides.
All this means that dealing with voluminous, complicated requests becomes a lot easier. You can be sure that the information you provide data subjects is accurate — and complying within the time limits becomes much less of a resource burden.
Data subjects can, under certain circumstances, request that their data be deleted or transmitted directly to them or to a third party. But these are not absolute rights, and if a request for erasure or transfer is received, organisations need to assess whether, and to what extent, such a request is appropriate.
A digital mailroom enables clear and systematic categorisation of documentation. If a previous client requests deletion of all records, you can instantly identify the documents suitable for erasure — along with those that you need to hold on to (for example, in accordance with HMRC or FCA requirements).
Organisations are under a duty to respect data minimisation and storage limitation. They must ensure that personal data is processed only where necessary for the intended purposes and stored only for as long as it is needed.
A digital mailroom can assist on both of these fronts. Automatic categorisation of documents can help to identify those sources of data that are required for specific processing purposes, and those that are surplus to requirements. You can also define set timescales for automatic deletion of both digital and physical records and align this with your organisation’s retention policies.
A digital mailroom can strengthen your organisation’s security and privacy stance in multiple ways:
To find out how our Digital Mailroom solution can help your business’s ongoing GDPR compliance, request a free health check (worth £1000) with EDM today.
Tim is Head of Commercial & Retail Sector Sales. Tim’s expertise lies in devising the perfect blend of consultancy, technology and outsourcing that delivers the best value for his customers. As well as founding and managing his own business, Tim’s extensive industry experience, spanning a 15+ year period, includes working with some of the country’s most high-profile organisations and taking them on a journey of digital transformation with a major focus on de-risking, enhancing compliance and improving performance.
Copyright © 2018 EDM Group Limited. All Rights Reserved.