Is your company prepared to achieve GDPR compliance?

For those unfamiliar with the concept, GDPR stands for General Data Protection Regulation which is a regulation intended to strengthen and unify data protection for all individuals within the European Union.
It becomes enforceable on the 25th of May, 2018.

This means that there are certain types of privacy data that this regulation aims to protect, such as:

Basic identity information, for instance name, address and ID numbers;
Web data such as location, IP address, cookie data and RFID tags;
Health and genetic data;
Biometric data;
Racial or ethnic data;
Political opinions;
Sexual orientation

What is expected from a CMS/BPM in this area?
This regulation covers several topics. We will focus in two of those in this article: Archive / Purge and Individual Rights.

Archive/Purge

Any information system that stores data should have the capability to define retention periods, both for archive and purge, which means that data has a Time to Live [SP1] that is configurable according to the type of data in question. For example, job applications often generate the storage of personal sensitive data. For this type of information there are laws that define the maximum time that a company can keep this information. On the other hand, there is data from employer records that should be kept for a different period of time. An information system should be able to define these periods and archive or purge data when the deadline arrives.

Individual Rights

In order to respect individual rights, an information system should allow anonymization of data, applying a non-reversible encryption.
Hereupon, this anonymization should be designed according to the type of data that we are dealing with. For example, if an employee invokes the "Right to be forgotten", his employer should have the capacity to do so by anonymizing all the stored employee's sensitive data. This does not mean that all data should be suddenly erased, because there is a professional history that should be kept, but all references to that employee should be masked in order to become impossible for anyone to discover that the stored data is from that person.

Although these topics seem simple, they can raise many problems for current information systems that are not prepared to deal with these new regulations and that is why, since early 2017, the demand for Information Systems that can effectively address GDPR compliance has increased.

Scriptor Server is already ready for this change as we have been working in order to give Information Managers the tools they need to implement data protection in their organizations, starting now!

Rui Estêvão

Scriptor Server Product Manager

Articles from Rui Estêvão

Digital Transformation with Automated Document Generation

Leveraging Scriptor Server for Efficient, Template-Driven Document Creation

Rui Estêvão

Scriptor Server Product Manager

Beyond Internal Communication: The Power of Intranets in Shaping Corporate Culture

Unlocking Team Engagement and Cohesion through Effective Endomarketing Strategies.

Rui Estêvão

Scriptor Server Product Manager

Knowledge Retention and Process Formalization: Combatting Talent Shortages and High Turnover

Harnessing Organizational Memory to Navigate the Complex Landscape of Talent Acquisition and Retention

Rui Estêvão

Scriptor Server Product Manager

Unlocking E-Commerce's True Power: The Essential Step to Flourish in the Modern Digital Era

Elevating Your Business with Integrated E-commerce Solutions on All Your Digital Platforms

Rui Estêvão

Scriptor Server Product Manager

Success Case: Streamlining Business Operations with Scriptor Server

Managing complex administrative tasks across different countries and languages can be time-consuming and...