Monday, March 1, 2021
Corporate Compliance Insights

GDPR Raises the Stakes for Managing Documents

by Jeff Segarra
April 4, 2018
in Data Privacy, Featured

3 Techniques to Ensure Compliance

With GDPR, every business worldwide that markets to EU customers will have new responsibilities and liabilities for how it manages its documents – digital as well as paper-based. Here, we take a close look at the changes GDPR is expected to impose on the way organizations manage documents containing personal data, as well as strategies for making sure business documents meet these new demands.

The GDPR (General Data Protection Regulation) – which will take effect in May 2018 – is designed to give control of personal data back to European Union residents. It imposes significant new obligations on businesses anywhere in the world that collect and process the personal information of EU citizens in 28 countries. The volume of data collected and the increased variety of data considered “personal” have added to the challenge.

In order to avoid stiff fines, many companies needing to comply have been focused on securing IT infrastructure by ensuring customer databases and ERP systems are impenetrable to outside hacks. This is a good and necessary start, but personal data stored in documents – both paper and digital files – also demands attention. Fortunately, there are relatively straightforward techniques organizations can use to ensure their business documents meet the new GDPR demands.

Digitization of Paper

The first step in the process is to reduce the volume of physical paper through digitization. Contrary to popular belief, GDPR does affect paper documents. For example, if a customer requests his or her “right to be forgotten,” how can you guarantee complete data erasure if this data exists on paper long forgotten or misplaced? While electronic documents are certainly not 100 percent airtight, they are innately more secure (largely because they cannot be physically lost). Also, thanks to retention policies, digital files are unlikely to “live forever” like paper documents often forgotten in file cabinets.

Transitioning to a more “paperless” or “paper-light” way of working by increasing digitization is a key to improving document security for GDPR. Scanning in bulk and using employee mobile capture are two ways organizations can more efficiently convert vast piles of paper-based information to electronic format. Once digitized, these documents are ready for inclusion in automated workflows, which are not only more secure, but create new efficiencies. Still, automated workflows, as well as digitization technologies themselves like scanning, require special measures and precautions.

Automated Workflows

When documents are shared electronically, the risk of GDPR noncompliance soars. One tenet of GDPR is “the rule of least privilege for data access,” which permits processing of personal data only for limited and defined purposes. One of the best ways to ensure adherence to this tenet is to limit access to personal data to the workers who need it. For example, an insurance claims adjustor may not need to see personal customer data when he/she processes a claim. There are numerous ways organizations can ensure sensitive personal data is shared only with those workers who truly need it. These include:

  • Encryption – Businesses need to implement “appropriate technical and organizational measures to ensure a level of security appropriate to the risk” of a breach of personal data. Encryption is one example, where entire documents can be made intelligible only to authorized workers.
  • Redaction – There are sometimes cases where a worker needs to see a document, but not specific personal data within that document. Business analysts, for example, may not need to see personal customer data from survey results as they tabulate the surveys for management. When personal data is identified in a document, it can be automatically redacted (censored or obscured) and stored elsewhere, accessible only to those who truly need it.
  • Content Screening – In email correspondence, documents can be screened by searching content for keywords, phrases and patterns that may signify sensitive information (for example, the word “confidential”), and then validating the sender and recipient. Documents deemed to be at risk are quarantined, and notifications are sent to the sender, supervisor and security.
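
The redaction and content-screening steps described above can be sketched in a few lines of Python. This is an added example, not code from the article or from any vendor product; the patterns, the internal domain, the sample text and all function names are assumptions made for illustration.

```python
import re
from dataclasses import dataclass, field

# Constructed patterns and names for illustration only (assumptions, not from the article).
PATTERNS = {
    "email": re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b"),
    "phone": re.compile(r"\+\d{1,3}[ -]?\d{2,4}(?:[ -]?\d{2,4}){2,3}\b"),
}
KEYWORDS = ("confidential",)      # the keyword the article gives as an example
INTERNAL_DOMAIN = "example.com"   # assumption: only these recipients are authorized
SAMPLE = ("CONFIDENTIAL survey reply from anna.keller@mail.example, "
          "phone +49 30 1234 5678: service was slow.")  # constructed input

@dataclass
class Verdict:
    quarantine: bool
    reasons: list = field(default_factory=list)
    notify: list = field(default_factory=list)

def redact(text):
    """Swap personal data for tokens. The vault (token -> original) is what
    would be stored elsewhere, readable only by staff who need the values."""
    vault = {}
    for label, rx in PATTERNS.items():
        def repl(match, label=label):
            token = f"[{label.upper()}-{len(vault) + 1}]"
            vault[token] = match.group(0)
            return token
        text = rx.sub(repl, text)
    return text, vault

def screen(sender, recipients, supervisor, body):
    """Search content for keywords and patterns, then validate the recipients."""
    reasons = [f"keyword:{k}" for k in KEYWORDS if k in body.lower()]
    reasons += [f"pattern:{n}" for n, rx in PATTERNS.items() if rx.search(body)]
    external = [r for r in recipients
                if not r.lower().endswith("@" + INTERNAL_DOMAIN)]
    if reasons and external:
        # At-risk document: hold it and notify sender, supervisor and security.
        return Verdict(True, reasons + [f"external:{r}" for r in external],
                       [sender, supervisor, "security@" + INTERNAL_DOMAIN])
    return Verdict(False, reasons)

if __name__ == "__main__":
    redacted, vault = redact(SAMPLE)
    print(redacted, vault, sep="\n")
    print(screen("analyst@example.com", ["partner@vendor.example"],
                 "lead@example.com", SAMPLE))
```

The same sample sent only to an internal recipient is not quarantined, which mirrors the sender-and-recipient validation step: content alone does not decide the outcome.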

Multifunction Printer (MFP) Controls

Today’s MFPs do a lot: printing, copying, faxing and scanning documents. They’re a vital holding pen for documents as they transition from electronic format to print and vice versa. When an MFP is not carefully monitored and controlled, it can be a dangerous off-ramp for sensitive personal data to the outside world. Paper documents are highly prone to security lapses – take, for example, someone printing a sensitive document to the wrong printer or leaving a document in the paper tray.

One way to address this is called “follow-me printing,” which holds documents in a secure print server until the user authenticates himself/herself at the network MFP of choice. By authenticating before printing and accounting for all output activity, organizations can better protect personal data residing in paper documents. Similar capabilities can be applied for scanning, including requiring authentication prior to scanning and creating an audit trail that tracks who scans and prints what documents and the destination of files. There are even features that allow text identified as sensitive to be automatically redacted as documents are scanned. All of these features can safeguard printing and scanning from the MFP and aid in GDPR compliance.

GDPR Blind Spots

In summary, the focus of GDPR is often placed on cybersecurity threats, server hacks, database vulnerabilities and data stored on and transmitted between servers and networks. While no one is disputing the importance of this, documents – both paper records as well as electronic – are often overlooked or deprioritized, putting citizens’ personal information at risk. GDPR is requiring organizations to implement tighter controls in document management, and the techniques described above cover blind spots that organizations have in the area of document security.


Jeff Segarra

Jeff Segarra is the Senior Director of Product Management for the Nuance Document Imaging Division. He is responsible for the global team that delivers industry product positioning, messaging and content to help customers around the world identify how Nuance solutions can meet their needs. Jeff enjoys speaking and writing about business process improvement, The Internet of Things, document security, document conversion technologies and personal productivity. He has an MBA from Iona College, Hagan School of Business and has been working with software technology for 20 years.

© 2019 Corporate Compliance Insights
