No Result
View All Result
SUBSCRIBE | NO FEES, NO PAYWALLS
MANAGE MY SUBSCRIPTION
NEWSLETTER
Corporate Compliance Insights
  • Home
  • About
    • About CCI
    • CCI Magazine
    • Writing for CCI
    • Career Connection
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Library
    • Download Whitepapers & Reports
    • Download eBooks
    • New: Living Your Best Compliance Life by Mary Shirley
    • New: Ethics and Compliance for Humans by Adam Balfour
    • 2021: Raise Your Game, Not Your Voice by Lentini-Walker & Tschida
    • CCI Press & Compliance Bookshelf
  • Podcasts
    • Great Women in Compliance
    • Unless: The Podcast (Hemma Lomax)
  • Research
  • Webinars
  • Events
  • Subscribe
Jump to a Section
  • At the Office
    • Ethics
    • HR Compliance
    • Leadership & Career
    • Well-Being at Work
  • Compliance & Risk
    • Compliance
    • FCPA
    • Fraud
    • Risk
  • Finserv & Audit
    • Financial Services
    • Internal Audit
  • Governance
    • ESG
    • Getting Governance Right
  • Infosec
    • Cybersecurity
    • Data Privacy
  • Opinion
    • Adam Balfour
    • Jim DeLoach
    • Mary Shirley
    • Yan Tougas
No Result
View All Result
Corporate Compliance Insights
Home Data Privacy

GDPR Raises the Stakes for Managing Documents

by Jeff Segarra
April 4, 2018
in Data Privacy, Featured
woman standing at office printer

3 Techniques to Ensure Compliance

With GDPR, every business worldwide that markets to EU customers will have new responsibilities and liabilities for how it manages its documents – digital as well as paper-based.  Here, we take a close look at the changes GDPR is expected to impose on the way organizations manage documents containing personal data, as well as strategies for making sure business documents meet these new demands.

The GDPR (General Data Protection Regulation) – which will take effect in May 2018 – is designed to give control of personal data back to European Union residents. It imposes significant new obligations on businesses anywhere in the world that collect and process the personal information of EU citizens in 28 countries. The volume of data collected and the increased variety of data considered “personal” has added to the challenge.

In order to avoid stiff fines, many companies needing to comply have been focused on securing IT infrastructure by ensuring customer databases and ERP systems are impenetrable to outside hacks. This is a good and necessary start, but personal data stored in documents – both paper and digital files – also demands attention. Fortunately, there are relatively straightforward techniques organizations can use to ensure their business documents meet the new GDPR demands.

Digitization of Paper

The first step in the process is to reduce the volume of physical paper through digitization. Contrary to popular belief, GDPR does affect paper documents. For example, if a customer requests his or her “right to be forgotten,” how can you guarantee complete data erasure if this data exists on paper long forgotten or misplaced? While electronic documents are certainly not 100 percent airtight, they are innately more secure (largely because they cannot be physically lost). Also, thanks to retention policies, digital files are unlikely to “live forever” like paper documents often forgotten in file cabinets.

Transitioning to a more “paperless” or “paper-light” way of working by increasing digitization is a key to improving document security for GDPR. Scanning in bulk and using employee mobile capture are two ways organizations can more efficiently convert vast piles of paper-based information to electronic format. Once digitized, these documents are ready for inclusion in automated workflows, which are not only more secure, but create new efficiencies. Still, automated workflows, as well as digitization technologies themselves like scanning, require special measures and precautions.

Automated Workflows

When documents are shared electronically, the risk for GDPR noncompliance soars. One tenet of GDPR is “the rule of least privilege for data access,” which enables processing of personal data only for limited and defined purposes. One of the best ways to ensure adherence to this tenet is limiting access to personal data only to workers who need it. For example, an insurance claims adjustor may not need to see personal customer data when he/she processes a claim. There are numerous ways organizations can ensure sensitive personal data is shared only with those workers who truly need it. These include:

  • Encryption – Businesses need to implement “appropriate technical and organizational measures to ensure a level of security appropriate to the risk” of a breach of personal data. Encryption is one example, where entire documents can be made intelligible only to authorized workers.
  • Redaction – There are sometimes cases where a worker needs to see a document, but not specific personal data within that document. Business analysts, for example, may not need to see personal customer data from survey results as they tabulate the surveys for management. When personal data is identified in a document, it can be automatically redacted (censored or obscured) and stored elsewhere, accessible only to those who truly need it.
  • Content Screening – In email correspondence, documents can be screened by searching content for keywords, phrases and patterns that may signify sensitive information (for example, the word “confidential”), and then validating the sender and recipient. Documents deemed to be at risk are quarantined, and notifications are sent to the sender, supervisor and security.

Multifunction Printer (MFP) Controls

Today’s MFPs do a lot: printing, copying, faxing and scanning documents. They’re a vital holding pen for documents as they transition from electronic format to print and vice versa.  When an MFP is not carefully monitored and controlled, it can be a dangerous off-ramp for sensitive personal data to the outside world. Paper documents are highly prone to security lapses – take for example someone printing a sensitive document to the wrong printer or leaving a document in the paper tray.

One way to address this is called “follow-me printing,” which holds documents in a secure print server until the user authenticates himself/herself at the network MFP of choice. By authenticating before printing and accounting for all output activity, organizations can better protect personal data residing in paper documents. Similar capabilities can be applied for scanning, including requiring authentication prior to scanning and creating an audit trail that tracks who scans and prints what documents and the destination of files. There are even features that allow text identified as sensitive to be automatically redacted as documents are scanned. All of these features can safeguard printing and scanning from the MFP and aid in GDPR compliance.

GDPR Blind Spots

In summary, the focus of GDPR is often placed on cybersecurity threats, server hacks, database vulnerabilities and data stored on and transmitted between servers and networks. While no one is disputing the importance of this, documents – both paper records as well as electronic – are often overlooked or deprioritized, putting citizens’ personal information at risk. GDPR is requiring organizations to implement tighter controls in document management, and the techniques described above cover blind spots that organizations have in the area of document security.


Tags: AutomationGDPR
Previous Post

Bloomberg Law Analytics Tool Provides Insights Into Health Care Fraud Enforcement Trends And Outcomes

Next Post

TRACE: Insider Trading: The Galleon Hedge Fund Scandal

Jeff Segarra

Jeff Segarra

Jeff Segarra is the Senior Director of Product Management for the Nuance Document Imaging Division. He is responsible for the global team that delivers industry product positioning, messaging and content to help customers around the world identify how Nuance solutions can meet their needs. Jeff enjoys speaking and writing about business process improvement, The Internet of Things, document security, document conversion technologies and personal productivity. He has an MBA from Iona College, Hagan School of Business and has been working with software technology for 20 years.

Related Posts

origami tiger

Paper Tigers Won’t Protect You: The Reality of Effective NIS2 Compliance

by Hans Kayaert
March 24, 2025

Why Belgium's early adoption model could prevent another round of ‘compliance theater’ across Europe

examining data on laptop screen

Privacy Rights Surge Forces Rethink of Data Management

by Gal Ringel
March 14, 2025

As global privacy regulations multiply, organizations face mounting pressure to efficiently respond to data subject requests amid complex data environments

gdpr website screenshot

In the World of JavaScript, GDPR Consent Forms Merely Scratching the Surface

by Rui Ribeiro
December 16, 2024

Consent forms alone don’t mean much when consumers are so tired of checking boxes they don’t even read the policies

us map black and white

Minnesota Latest State to OK Consumer Data Privacy Law

by Amanda Novak
August 26, 2024

Measure set to go into effect for most covered entities next summer

Next Post
TRACE: Insider Trading: The Galleon Hedge Fund Scandal

TRACE: Insider Trading: The Galleon Hedge Fund Scandal

No Result
View All Result

Privacy Policy | AI Policy

Founded in 2010, CCI is the web’s premier global independent news source for compliance, ethics, risk and information security. 

Got a news tip? Get in touch. Want a weekly round-up in your inbox? Sign up for free. No subscription fees, no paywalls. 

Follow Us

Browse Topics:

  • CCI Press
  • Compliance
  • Compliance Podcasts
  • Cybersecurity
  • Data Privacy
  • eBooks Published by CCI
  • Ethics
  • FCPA
  • Featured
  • Financial Services
  • Fraud
  • Governance
  • GRC Vendor News
  • HR Compliance
  • Internal Audit
  • Leadership and Career
  • On Demand Webinars
  • Opinion
  • Research
  • Resource Library
  • Risk
  • Uncategorized
  • Videos
  • Webinars
  • Well-Being
  • Whitepapers

© 2025 Corporate Compliance Insights

Welcome to CCI. This site uses cookies. Please click OK to accept. Privacy Policy
Cookie settingsACCEPT
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
CookieDurationDescription
cookielawinfo-checbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Others
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
SAVE & ACCEPT
No Result
View All Result
  • Home
  • About
    • About CCI
    • CCI Magazine
    • Writing for CCI
    • Career Connection
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Library
    • Download Whitepapers & Reports
    • Download eBooks
    • New: Living Your Best Compliance Life by Mary Shirley
    • New: Ethics and Compliance for Humans by Adam Balfour
    • 2021: Raise Your Game, Not Your Voice by Lentini-Walker & Tschida
    • CCI Press & Compliance Bookshelf
  • Podcasts
    • Great Women in Compliance
    • Unless: The Podcast (Hemma Lomax)
  • Research
  • Webinars
  • Events
  • Subscribe

© 2025 Corporate Compliance Insights