With the proliferation of cloud and software services that many small and medium sized businesses are signing up for, the way in which data is dispersed over many different systems, handling many different processes and aspects of daily business activity, is something that is likely to cause concern for many considering the effects of GDPR.
Together with GDPR’s requirement of breach notification within 72 hours and keeping records of data processing activities, data erasure or the “right to be forgotten” is one of the highest GDPR priorities. So, the ability to find documents and other electronic information is crucial to being able to remove it!
An article by Warwick Ashford “Finding customer data is big hurdle to meeting GDPR right to erasure” highlights why customer data is likely to be the biggest challenge to fulfilling personal data erasure requests.
GDPR highlights the need to improve the ability of businesses to be able to manage electronic documents and information, and to locate and find personal data. There is also a need to be able to show and log what has happened with the data. One of the key reasons why companies use document management systems is Compliance. With tools to find and associate personal information with documents and other electronic data, and features that log all user/document activity, document management systems can only help businesses in the compliance process. However, they will also need to develop an approach so that disparate cloud and software services can be integrated and information aggregated to make sure that it is all available from one central document and information repository.