4 Questions to Ask About Content Management for GDPR Compliance

Guest post by Wasim A. Khan, Head of Xerox Global Digital Solutions & General Manager, DocuShare

Wasim A. Khan

The EU General Data Protection Regulation (GDPR) carries provisions that require businesses to protect the personal data and privacy of EU citizens. An enterprise content management platform provides greater control, insight and predictability in addressing regulatory compliance like the GDPR. Effective ECM deployment and use bring a structured approach to your data and compliance.

What to Ask About Content Management and GDPR

Before you invest in content management, ask these four questions to identify a platform suited to GDPR support.

  1. How well can you find the information you need now?

A content management platform provides a structured approach for capturing, storing and retrieving records by finding and indexing key information for fast retrieval. Rather than manually processing many paper documents and possibly losing data, DocuShare content management helps companies stay clear of hands-on processes. With more optimized processes and intelligent document processing solutions, companies can embrace compliance with the new GDPR regulations.

  1. How do you know you’re managing document retention periods correctly?

Organizations benefit by setting document retention periods in advance based on the purpose for which the personal data is processed. DocuShare Content Rules Manager enables the creation of content rules by collection or by document type in accordance with deletion principles, including recurring and ad hoc deletion. Automated content retention provides a proactive approach to the way data is managed.

  1. How confident are you that documents stay private and secure?

A key step to protecting content occurs when cataloging the available content. The Xerox DocuShare Life Cycle Manager associated with the Content Rules Manager module helps identify personal data and map each element with the conditions listed in the GDPR. Once captured, indexed and stored, this content can be managed through six levels of user permissions within DocuShare as well as with ConnectKey technology, DocuShare mobile apps and data-in-use encryption.

  1. How well can you respond to an access request?

A content management platform provides a structure for managing policies and procedures for responding to a data subject’s request, as well as rapid retrieval of targeted records. (A data subject is the person associated with the data.) DocuShare makes it possible for data subjects to request updates to their personal data. Reports based on metadata check accuracy and relevance.

A well-architected content management platform helps with classification of content and role-based access. It makes reporting available on attributes such as document type, content and lifespan to keep information request plans evergreen.

How to Prepare for GDPR with Content Management

GDPR has brought updates to existing privacy legislation and introduced new guidelines to the handling of data. By asking these four key questions, you can be better prepared with a content management platform that supports GDPR practices.

Although May 25, 2018 has come and gone, the GDPR discussions are far from over. What is some of the best GDPR advice you’ve received? Anything GDPR-related still bothering you? Share your ideas and observations with me at wasim.khan@xerox.com, and perhaps we’ll have a conversation about them in a future blog.

In the meantime, expand your compliance knowledge with this on-demand webinar: “Make Compliance Easier: Build Document Workflow with Apps.”

Related Posts

One Comment

  1. Mike Spang July 10, 2018 -

    Wasim … good article. I an in full agreement with listing Capture & Document Understanding as the basis for automating the indexing process. Then documents can be searched, associated and retrieved for compliance purposes.

Comments are closed.