
EU General Data Protection Regulation

Are you well equipped to fulfill the new requirements?

EU GDPR: Are you prepared?

Which new compliance requirements does the EU GDPR place on your information management system? How can you fulfill them? You'll find the answers here.

Do you sell goods or services to partners and customers located in the European Union? Do you capture, store and analyze personal data? If the answer to these questions is "yes", then the EU General Data Protection Regulation (EU GDPR) applies to you.
 
In the past, companies were able to shift some of the responsibility for protecting personal data to others. With the EU GDPR, however, companies are once again fully responsible for correctly and securely handling this kind of sensitive information.
 
Find out how you can shoulder this responsibility with the certified ECM system Doxis4 and which steps will help you to meet the EU GDPR.


Is your company prepared for the EU GDPR?

 

 


Source: SER study, ECM Insights, n = 1,826 CIOs, process managers and IT managers from companies from all industries with over €100 million in revenue

What is the EU GDPR?


The EU General Data Protection Regulation (EU GDPR) is a new EU regulation that affects companies in all EU member states. It harmonizes the rules according to which companies and public authorities across the EU handle personal data.

Which penalties are possible in cases of non-compliance?

The introduction of the EU General Data Protection Regulation (EU GDPR) increases the liability risk for data breaches not only for companies, but also for business leaders, employees and internal data protection officers.

If a company does not comply with the EU GDPR, starting May 25, 2018, it will face a penalty of up to 20 million euros or 4 percent of its total revenue (whichever is higher). What's more, those responsible for data protection can be held liable and face compensation claims and fines.


What kind of requirements will your company face?

  • The right to erasure (Article 17, EU GDPR)
  • The right to data portability (Article 20, EU GDPR)
  • Security of processing (Article 32, EU GDPR)

The right to erasure (Article 17, EU GDPR)

Customers, employees and business partners have the right to erasure, which means they have the right to demand the deletion of their personal information if there is no longer an obligation to store it.

The right to data portability (Article 20, EU GDPR)

The right to data portability stipulates that individuals have the right to obtain personal data from a contract partner and to transfer it to a different partner, e.g. if a new contract is made.

Security of processing (Article 32, EU GDPR)

The EU GDPR also stipulates that when processing personal data, companies must protect it from manipulation using the appropriate technical and organizational measures.

Which company areas and processes does it affect?

Since customers, partners and employees have the right to access and correct their personal data, retract consent or request its deletion, companies need the right IT systems to fulfill these new requirements. According to a current Commvault study, more than one in two companies do not know how long they need to find personal data and respond to a request to, for example, delete data. This may take several days. That is not surprising, considering that millions of personal documents are often stored in several different locations, for instance on file servers, in email mailboxes or in the cloud. With a certified ECM system such as Doxis4, you can easily eliminate these information silos and manage personal data in a uniform, centralized and secure manner.

The EU GDPR also requires that your company implement a more comprehensive data policy. This enables your company to handle personal data in compliance with the EU GDPR and to fulfill the new requirements regarding transparency, documentation and reporting. In this regard, a certified ECM system such as Doxis4 provides support throughout the process — from drafting, revising, releasing and enforcing the data policy, to accessing and storing data policy documents, and then archiving them in an audit-proof way.

In light of the steep penalties for non-compliance, it is crucial that data processing is seamlessly documented. This enables you to prove compliance, to identify risks early on, and to effectively react to security problems in conformity with the law. Doxis4 helps you to fulfill these documentation requirements.


The most important questions about the EU GDPR

Who has to comply with the EU GDPR?

The EU GDPR applies to companies in the EU that collect, process, store, transmit and analyze personal data.

Why does the EU GDPR exist?

The goal of the EU GDPR is to harmonize and streamline data protection within the European Union. The same level of protection for personal data applies to every country in the EU. In the past, each member state had its own laws regarding privacy and data security. The EU GDPR now standardizes this. International companies benefit from the uniform legal requirements and can treat customers from diverse countries equally.

Starting when does the EU GDPR go into effect?

The EU General Data Protection Regulation was already put into effect in April 2016. The grace period will end on May 25, 2018. After that, companies must comply with the new regulations; otherwise they will quickly face penalties.

What you can do: Five ways to ensure compliance with EU GDPR

Time is running out. Act now and avoid penalties when the deadline comes. Don't put off dealing with the EU General Data Protection Regulation. Here are five steps that will help you:

  1. Start investigating:
    Find out which personal data and documents are in your company and where they are stored.

  2. Centralize:
    Get rid of those information silos and migrate all personal data to a centralized ECM system.

  3. Manage:
    Determine how personal data should be used and who can access it. After all, you have to be able to identify, release and, if requested, delete data at any given time.

  4. Protect:
    Set up security and control mechanisms to prevent, identify and react to vulnerabilities and data protection breaches.

  5. Document:
    Start storing required documentation and manage data inquiries and notifications regarding data protection breaches.

What is personal data?

Personal data is all information relating to an identified or identifiable natural person. This includes names, mailing addresses or bank/account information and social security numbers. Documents containing personal data may be contracts, orders, invoices or emails.

According to a Trend Micro study, there is a certain level of uncertainty about which data is personal and therefore must be protected:

  • In one survey of respondents in Germany, only 35 percent were certain that the birth date of a customer is classified as personal data.
  • Furthermore, only 64 percent think that only a marketing database contains personal data.
  • About 34 percent do not consider a customer address as being personal data and 23 percent do not see an email address as personal data. These assumptions are, of course, wrong.

We can help you comply with the EU GDPR — with Doxis4!

A certified ECM system such as Doxis4 is a solid basis for complying with the EU GDPR. It enables you to store the personal data of your customers and business partners in a centralized and audit-proof manner, while also protecting it from manipulation or theft.

Delete personal data in a traceable way

Doxis4 gives you a way to automatically and traceably manage retention rules and deletion deadlines for personal data, such as contract data. Furthermore, it is also possible to set up deletion locks for an unlimited period of time for a document. If the retention period of personal data is unknown, the EU GDPR-certified Doxis4 protects the personal documents from modifications, even if they have no retention deadline (Art. 32 – EU GDPR).

If customers or employees invoke their right to erasure (Art. 17 – EU GDPR), you can lift the deletion locks at any time once the legal retention period has ended. Furthermore, you can be sure that data deletion is automated, complete and physically traceable.

Protect and transmit personal data

If needed, Doxis4 can also provide customers, employees, and business partners with their sensitive personal data and documents in a structured and machine-readable form. You are thereby also able to provide proof of who accessed and modified which personal data and when. As required by the EU GDPR, data is provided in a structured and machine-readable format (Art. 20 – EU GDPR).
