Posted by Bonnie Bailly ● 4/17/18 10:31 AM
GDPR and Data Storage: How to Leverage the Cloud for Compliance
GDPR and data storage. If you’re wondering if it applies to you and your data, the chances are, it does. The General Data Protection Regulation, GDPR for short, is a piece of European Union legislation that applies to any organization that handles the personal data of European residents from any of the EU’s member states. Translation: any company with a website that is collecting personal data through forms or chatbots needs to be compliant, as your audience could be anywhere. Under GDPR, you must precisely control where and how you store data because the people you collect it from can ask you to update or delete it at any time. If you don’t comply with their requests, you’ll be subject to heavy fines.
But fines and money aside, GDPR is just good business. The basic tenets of data protection and data privacy formalized by GDPR are nothing new. Listen to Steve Jobs back in 2010. Businesses need to take more responsibility. This regulation is as good a thing for all of us as it is for consumers.
Here at AODocs, data security, privacy, and protection have always been core to our company values. For the last six years, we’ve been working with over 800 customers to help them create powerful business applications that both improve efficiency and ensure security and compliance. With the impending May 25th deadline for GDPR compliance, we wanted to outline some of the ways our customers are using AODocs and cloud storage to help with compliance - generating more profit, happier customers, and generally better business.
Centralize your documents
At a basic level, GDPR requires you to know where all of the data you’ve collected from people is stored at all times. Businesses should conduct a content inventory to know where any and all personal data may be stored and centralize all of their documents containing personal information in a secure repository. AODocs provides the perfect solution, keeping track of critical information and making internal and external audit processes simpler than ever. Moreover, AODocs ensures that end users cannot change data access permissions to these documents, eliminating the risk (that is quite common in Google Drive) that files might accidentally be shared publicly or with unauthorized users.
Some of our customers are using AODocs for GDPR and data storage. For example, a government agency is creating an AODocs library to serve as a registry for all of the information they need to track about employees, students, and customers. If and when they are audited, they will be able to provide an inventory of all the personal data they store and quickly identify its location should they need to give access to information, revise, or delete it.
Automatically detect and manage files containing personal information
As GDPR applies to all content types, performing a good content inventory can be very time intensive and inaccurate if not done well. AODocs’ AI and machine learning technology allows organizations to automatically detect files containing sensitive personal information and create workflows to ensure this data is being managed and tracked correctly.
For example, using Google’s Data Loss Prevention API, AODocs can identify documents with personal data (think spreadsheets listing thousands of people's email addresses, HR documents containing social security numbers, or scans of credit cards and other images containing personal info), and move them into the right AODocs library for appropriate action.
Apply retention and disposition schedules to your files
Again, GDPR is about controlling and respecting the personal information you keep. The ability to delete personal information you no longer need or are authorized to keep is important, and the AODocs Retention app was created to do just this. Moreover, AODocs ensures that these documents are not tampered with during the retention period and can apply legal holds, if necessary. Beyond improving compliance, our retention module helps our clients improve efficiency, save money, and build trust. You can learn more about how to create a winning records management and retention strategy in this webinar.
According to Gartner, by the time GDPR goes into effect on May 25th, less than 20% of all organizations worldwide will fully comply. So, while you can breathe a sigh of relief that you’re not alone, it’s time to get started and put your company on the road to compliance. It’s not just about avoiding heavy fines but about giving people the respect and privacy they deserve.
Disclaimer: This post is not legal advice for complying with GDPR. We recommend consulting an attorney to understand the implications of GDPR for your organization.