
Document management solutions provide:
- structured organisation and control of documents
- enable search
- provide document security, audit, versioning
- capability to manage retention
What they are not necessarily capable of is identifying and separating personally identifiable information (PII) from everything else in each document.
Access
Processes must be implemented to grant or remove access to PII when staff join, move within or exit the company.
Encryption
To be compliant with GDPR, documents must remain encrypted whether stored in document management, in-transit, stored locally or when backed up for disaster recovery.
Remote Working
The use of personal equipment to store documents or public Cloud solutions create a potential exposure.
Breach Notification
If it can be proven that a document is encrypted, then the obligation to report a breach to the data subject is removed, however, the ICO must be notified within 72 hours of the breach becoming known.
Rights of the Data Subjects:
- Right to be Informed
- Right to Access
- Right to Rectification
- Right to Erasure
- Right to Restrict Processing
- Right to Data Portability
- Right to Object
- Rights related to automated decision making and profiling