GDPR isn’t over: Improving compliance officer’s role with document scanning
Written by: Tim Myatt
Publish Date: Nov 12, 2020
Read time: 8 minutes
GDPR was implemented over 2 years ago and a hot topic for so long up to it. As businesses rushed to make themselves compliant in the run up, they considered it a ‘set it and forget it approach’. Over two years on, past the standard deadline for storing sensitive data, businesses are at risk of falling foul because they didn’t maintain vigilance.
Now, faced with the prospect of scanning and digitising documents to satisfy their more mobile workforce, the question returns. “But what about GDPR?” It’s a wake-up call for businesses and compliance officers who may have taken their eye off the ball. Whilst it’s good that this reawakens their awareness, we can’t help but think they’re asking the wrong question.
It’s not so much that digitising documents leaves you more exposed to GDPR policing- it doesn’t really - any sensitive documentation and data (digital or physical) is beholden to the regulation. Yet it remains a commonly held concern when we speak to clients and prospects.
It’s good that it’s starting the discussion. But we feel you should be asking ‘How can document scanning support me with GDPR?’ or ‘How can document scanning improve my data security concerns?’
It’s easy to think about data security through the gaze of GDPR - as it provides a framework for discipline - but the broader security is just as important. Document scanning should be seen as a solution to improved security rather than concern raised by embarking on the project.
We’ve put together a few considerations to help you understand why digitising your documents and storing them online could leave you far more secure (and far less susceptible to fines).
Looking at document scanning vendors? Make sure you read read our free download which covers every major question you should ask your vendor:
Right to access & Right to be forgotten
An individual's right to request access to the personal information which you hold on them as well as, the right to have your data erased upon passing the retention period.
Both of these GDPR requirements are far more complicated when your documents are physical. Endless boxes and cabinets of sensitive files can make it difficult to retrieve the personal data on request and even harder years down the line when the retention period ends. Whilst it’s probably correct to say that the person’s sensitive information has been ‘forgotten’ - at least what cabinet it’s held in - it’s not quite the forgotten which the regulation has in mind.
Of course, you could eventually retrieve the documents you need. If taken care of correctly, they’ll be in one of your boxes, filing cabinets, archives, but a key distinction within the wording of the regulation is the need for this to be completed without “undue delay.”
Opting for a digital ecosystem for your document retention and storage places this data at a touch of a button. Particularly if you choose a platform with Optical Character Recognition (OCR) which enables you to search the text of the digitised documents.
Security issues & human error
Put bluntly, a heavily regulated digital platform is far less likely to be prone to error than physical systems coupled with human hands. Paper documents are far easier to misplace, steal or replicate (illegally). As a compliance officer, it falls to you to ensure your business and data assets are secure.
Is your facility secure? Do you have back-ups and redundancies in place to deal with break-ins, acts of God or even just clumsiness? After all, misplacing or misremembering the location of documents in vast archives is the most common security breach.
Going digital is a chance to lean on a partner that lives and breathes this side of the security, regulation and compliance. A business that is dedicated to providing secure storage of sensitive information in an encrypted cloud portal - that also has redundancies and back-ups in the real world.
Using a platform like EDMonline also permits you to control access to your sensitive information. Have more control over who can access documents unlike when they were previously stored in the archive or a filing cabinet in the office. You can provide access rights based on department, seniority or even individual. Coupled with the knowledge that the data centres are physically secure and built with fire/flood prevention in mind, you can be sure that your data is now secure. Let a highly regulated and experienced partner handle the heavy lifting.
Overall reduction in cost
This might, at first, seem contradictory after all you are paying for an extra service when the paper documentation is already in your possession and not costing you anything… or is it?
First, consider the valuable time and resources put into searching for documents. What else could your employees be doing with this time? There are surely more beneficial tasks they could be working on.
Secondly, consider the space which is being used up by your physical files. Whole rooms, wings or even buildings occupied with paper. Surely the funds allocated to rent or upkeep could be better used elsewhere? Even the space itself. Not to mention additional funds on security systems to keep sensitive data secure onsite.
Digitising your documents helps you become more creative with the space and resources you have available to you… greatly beyond the cost of simply scanning documents and storing them online.
So, is document scanning on your horizon?
Are you ready to let someone else handle the minutiae and day-to-day of data security?
Or even be the department that suggests a cost saving measure as everyone tightens their belts?
We’ve simplified the process of scanning by providing an immediate quote to most scanning needs. Just click the button below, fill out the form, and get your scanning quote immediately.