Is your company prepared to achieve GDPR compliance?

For those unfamiliar with the concept, GDPR stands for General Data Protection Regulation which is a regulation intended to strengthen and unify data protection for all individuals within the European Union.
It becomes enforceable on the 25th of May, 2018.

This means that there are certain types of privacy data that this regulation aims to protect, such as:

  • Basic identity information, for instance name, address and ID numbers;
  • Web data such as location, IP address, cookie data and RFID tags;
  • Health and genetic data;
  • Biometric data;
  • Racial or ethnic data;
  • Political opinions;
  • Sexual orientation
What is expected from a CMS/BPM in this area?
This regulation covers several topics.  We will focus in two of those in this article: Archive / Purge and Individual Rights.

Any information system that stores data should have the capability to define retention periods, both for archive and purge, which means that data has a Time to Live [SP1] that is configurable according to the type of data in question. For example, job applications often generate the storage of personal sensitive data. For this type of information there are laws that define the maximum time that a company can keep this information. On the other hand, there is data from employer records that should be kept for a different period of time. An information system should be able to define these periods and archive or purge data when the deadline arrives.

Individual Rights

In order to respect individual rights, an information system should allow anonymization of data, applying a non-reversible encryption.
Hereupon, this anonymization should be designed according to the type of data that we are dealing with. For example, if an employee invokes the "Right to be forgotten", his employer should have the capacity to do so by anonymizing all the stored employee's sensitive data. This does not mean that all data should be suddenly erased, because there is a professional history that should be kept, but all references to that employee should be masked in order to become impossible for anyone to discover that the stored data is from that person.

Although these topics seem simple, they can raise many problems for current information systems that are not prepared to deal with these new regulations and that is why, since early 2017, the demand for Information Systems that can effectively address GDPR compliance has increased.

Scriptor Server is already ready for this change as we have been working in order to give Information Managers the tools they need to implement data protection in their organizations, starting now!
Last articles

Teachers who work with IDD students have a need for specific tools to help their classes thrive in the...

Fill in a Canvas using our tips and templates and end up with an organised and structured project or...

SMART Goals is a methodology that will allow you to set goals in a more strategic way.

Check what this kind of software can do for your company!

Tell us your needs