On May 25th 2018, the European Union’s General Data Protection Regulation (GDPR) will come into effect. The GDPR will apply to any organization, including those outside of the EU, that holds or processes data from EU residents. Evolusys has solutions to help organisations of all sizes assess their exposure to GDPR and implement GDPR solutions.
What is the General Data Protection Regulation (GDPR) ?
In 2016, The General Data Protection Regulation (GDPR) was released and it will come into effect on May 25th, 2018. It will replace the older Data Protection Directive 95/46/EC to become the single all-encompassing privacy protection regulation in the EU. The GDPR changes many things, and especially makes it clear where responsibility for privacy protection lies, with companies who store, collect, manage and analyse Personally Identifiable Information (PII) data.
Major breaches to GDPR could lead to fines of up to €20 million or 4% of global annual turnover. For less important breaches, the authorities could impose fines on companies of up to €10m or 2% of global annual turnover, whichever is greater.
Amongst the changes introduced by the new regulation, European Citizens get the following rights:
* The right to be forgotten— the right to ask data controllers to erase all personal data without undue delay in certain circumstances;
* The right to data portability — where individuals have provided personal data to a service provider, they can require the provider to ‘port’ the data to another provider;
* The right to object to profiling — the right not to be subject to a decision based solely on automated processing.
But, in your company, where is the content subject to GDPR ?
While most companies have a clear picture of information repositories holding PII, generally inside its business line systems it is likely to be a lot more difficult for unstructured content repositories. Common Business lines systems include Customer Relationship solutions (SalesForce, PeopleSoft, Dynamics) and ERPs (SAP, Oracle, Axapta and others).
But what about other general purpose systems, such as Emails and Enterprise Content Management and File Shares. Office documents, Emails, Attachments, PDF files, letters, contracts - unstructured content – is likely to also hold PIIs. And very often, they are much less controlled, or governed, than Line of Business systems. Might as well find a needle in a haystack. How well governed are your emails, attachments, file shares, Content Management systems such as SharePoint, Lotus Notes, Documentum or perhaps file sharing cloud solutions such as dropbox, box, OneDrive? What happens to those when people leave the company? What about these past years acquisitions? Whether or not these pockets of information are properly managed, they are subject to the regulation.
Evolusys solutions for GDPR
Evolusys has been accompanying customers on Content Management best practices for years, with solutions that help govern and organise unstructured content throughout the information lifecycle (inception, creation, publishing, archiving). In parallel, for the most advanced cased, significant productivity gains are achieved through the automation of document related processes. Throughout these engagements, Evolusys has earned significant expertise on the management of unstructured information and documents. GDPR Assessment - Coginov Info-Audit. Coginov (www.coginov.com) is a long time partner of Evolusys, with solutions such as Mail2Share. Over the years, Coginov has devised a suite of products revolving around a core component : its Semantic API.
Coginov’s Info-Audit can scan a company’s unstructured repositories, whatever they are, and bring back tons of relevant information about the documents metadata (dates, types, locations, duplicates, owners, modifiers, etc..) but more importantly, the inner contents of the documents. Info-Audit does this by performing a semantic analysis of the contents of documents, and retrieve the topics contained in documents, as well as identifying whether documents contain PII information. All the information gathered is presented using powerful Dashboards, using tools (such as Microsft PowerBI) to enable a company to get a solid 360 degrees view of their unstructured contents – both container and contents.
GDPR Process Implementation - Beyond an Info Audit assessment, Evolusys can help you automate GDPR processes, from personal information retrieval requests, to updates, to fixes, along with tasks and approvals. Evolusys can also help you rationalize and migrate GDPR related contents to compliant supports such as Microsoft Office 365 (cf : https://blogs.microsoft.com/on-the-issues/2017/02/15/get-gdpr-compliant-with-the-microsoft-cloud/).
Evolusys can also help companies document, share and automate all document management policies using another partner Editor solution : Geneva based GlassIG (www.glassig.com) provides a solution which allows the creation of policies that are actively managed and published across organizational, jurisdictional and content repository boundaries – whether cloud or on-premises
Contact us for more information and personalized expertise for your company ! http://www.evolusys.ch/contact