Clutter & GDPR – Take The First Step Towards A Paperless Office
The GDPR applies to ‘personal data’, meaning any information relating to an identifiable person. This includes automated personal data and manual filing systems where personal data is stored and accessed.
Article 5 of the GDPR requires that personal data shall be:
e) kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed;
f) processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
Leaving aside the aspect of lawful basis for processing personal data for the time being, I would like to focus your attention on data protection by design.
The GDPR requires businesses to have in place appropriate technical and organisational measures to safeguard individual rights. This means that you must integrate data protection into your processes and business practices, throughout your client’s life-cycle. If you haven’t begun to think about this, then now is the time. Do not put this on hold any longer.
You must now, by law, consider data protection and privacy issues in everything you do and make data protection an essential component in your business processes.
One of the key aspects of data protection by design is to ensure that personal data is automatically protected in an IT system. This is not a new phenomenon; there are a number of companies providing this solution.
Besides ensuring the best technical systems are in place, you must also consider your organisational processes and the physical design of your office. Senior management is responsible for developing a culture of privacy awareness, which should be embedded in all internal processes, including paperwork and filing.
Things to consider when adopting appropriate measures by design are to:
Minimise the processing of personal data;
Implement organisational processes to deal with personal data throughout the client’s life-cycle;
Consider the risks that the processing poses to individuals’ personal data;
Pseudonymise personal data as soon as possible;
Keep data collection to a minimum, only collect personal data that is necessary;
Develop a business road-map (if you haven’t already) and maintain it;
Provide actionable guidelines; and
Implement a preventative, not reactive, approach.
We focus on the physical design and processes of your office and will work with you to establish a streamlined and paperless office, to ensure full compliance with the GDPR. We review the organisational and filing systems in place and assist your company to take the crucial step towards becoming a paperless office.
We can also assist with the creation of a business system mapping of core processes and operations and highlight various data flows.