At present, much of the proposed GDPR legislation has focused on electronic customer data – how it is collected, processed, shared and stored. With an estimated 60 percent of customer data residing in business documents, GDPR is once again shining a light on records management protection.
Many organisations already have advanced policies in place that include data retention protocols and the ability to audit electronic records and documents, including users who have viewed the document, how many times a file was opened and time stamps for when files were accessed.
However, records management systems typically lack the ability to manage physical records, which is a vitally important component of GDPR compliance.
Kicking the Paper Habit
A paperless business environment has been proposed as one solution to easing GDPR compliance. The paperless office is not a new concept; in fact, Businessweek published an article in 1975 that envisioned a paper-free corporate existence. Four decades later, organisations are still chasing a paperless reality largely driven by noble aims such as environmental stewardship and waste reduction.
Paper has endured, because while digital communication is often ideal for shorter correspondence, people are more adept at reading and absorbing lengthier content in its physical, printed form.
According to one 2016 study, 92 percent of college students prefer reading on paper, underscoring the need to integrate traditional paper-based and digital document management. Consider the example of an employee making print copies of a digital file: a GDPR-driven retention policy may destroy the digital file, but if a paper version still resides in an office drawer, the guideline is breached.
Preparing for GDPR
GDPR’s sweeping regulations are introducing a host of new requirements. While the focus is often placed on cybersecurity threats, server and database hacks, and stored electronic data, paper documents, paper records and data transmitted across corporate networks are all too often overlooked.
Forbidding paper in favour of an electronic-only data environment is an option in some cases, but the stark business reality is that most organizations are not willing (or able) to transition to a completely paperless workflow.
Against this backdrop, organisations must ensure their paper records adhere to GDPR guidelines, which will require focus and discipline. In our next blog we are going to look at important first steps that businesses can take to integrate physical and electronic document management by providing the two data types equal prioritization and achieving a more comprehensive level of GDPR-readiness.
For further advice on best practice for records management, download our free guide: Records Management Tips free download