In light of 25th May deadline ELITE have subsequently enforced a strong stance on data protection and how we store and handle personal information. One of the critical methods to help ELITE facilitate compliance has actually been achieved through DocuWare software.
- We make sure that all document types when received are archived securely in our in-house DocuWare system. This includes e-mails, digital documents and hard copy. E-mails are automatically archived, digital documents are indexed and stored and all hard copy documents are scanned into DocuWare. When documents are stored we have configured the software to run automatic retention schedules so that personal information held within documents is only kept for as long as it serves legal purpose. For example if we receive an invoice, the retention schedule for this document is 7 years and therefore when this date comes around there is an automated deletion tracker to wipe the document from our system permanently.
- Once stored securely the document/data is encrypted AES-standard (military-grade) and archived into filing cabinets. We go a step further by controlling access to any documents which contain personal information by making them only accessible by employees with the subsequent permissions to search or view them – allowing us to further protect personal data of our suppliers, clients and prospects.
- We use disclaimers within enquiry forms on our website and e-mail signatures to inform people that by responding or submitting requests for contact they are offering consent for us to handle their personal data in the form of using their contact details to respond or contact (appropriately) at a later date.
- We have tested our ability to comply with ‘subject access requests’ too. Upon storing documents we destroy the hard copy counterpart or with digital documents we delete them from their native location once put into DocuWare. The same goes for e-mails, we monitor our Outlook folders and pull all e-mails into DocuWare automatically for secure archive and then delete them from Outlook natively. This means that every document type only has one copy and subsequently the very high majority of personal information we handle within these solo copies is in one secure location.
- DocuWare at the point of storage intelligently OCR’s every alphanumerical character on the document. This allow us when using DocuWare’s fulltext search to simply type in the individuals name into our software and every single file regardless of document type that contains this personal data will return in a results list for us to interrogate. The OCR highlights where on the document that personal information can be found and from there we can proactively respond to the request and inform the individual what data we hold and why.
- Because we have full audit trails and full version control on documents we can demonstrate who has accessed and edited the documents containing personal data throughout it’s life cycle offering full accountability and transparency. Also in the case that a document still serves a legal purpose within the business but the individual exercises their ‘right to be forgotten’ we can use DocuWare annotations to redact their personal data from the document whilst still adhering to the relevant document retention policy.
We have also appointed a Data Protection Officer internally who will serve as point of contact for any GDPR related queries as of 25th May 2018. Please contact us below to contact our Data Protection Officer who will be happy to help.