After GDPR: How your paper documents could still be affected

Over the past few months, the world has witnessed the frustration many businesses have faced with the implementation of the General Data Protection Regulation (GDPR) coming into action. Although this legislation has been enforced by the European Parliament, it will continue to impact businesses around the world that have relationships with European consumers.

With aims to unify and strengthen the data of European citizens, GDPR is a topic that has been dominating mainstream media around the world in the lead up to its implementation date. Although the 25th of May has passed, and businesses believe that they have become compliant with the regulations, they must continue to monitor and adjust their operations to avoid the harsh penalties that have been set out. These include: 4% annual global turnover or €20m fee – whichever appears greater in relation to the non-compliant organisation.

Although most articles looking at GDPR covers how storing information digitally can be dangerous, we’ve teamed up with Maplewave, who supply retail management software, to look at how keeping traditional records, such as paper documents, in your business could be damaging.

Keeping Paper

With digital alternatives such as the cloud and tablet signatures, many people believe that businesses have turned away from keeping paper documents. However, 31% of businesses are still ‘piled high with paper’ and only 17% are almost paperless all together.

With GDPR now in force, it has never been so risky to store paper documents, as greater responsibility falls upon businesses around the world who find themselves handling such materials. Consumers now have the right to know that their data is being handled in the safest way possible and, if not, this legislation has made it easier for them to seek legal action if they require — to help combat potential data breaches.

Monitoring paper documents and ensuring that they’re handled in line with GDPR can be both a costly and timely job – and may require dedicated teams to keep on top of issues at all times, which some businesses might struggle with; leading them to go paperless.

One part of this legislation that businesses are finding hard to deal with is the right to erasure, which is commonly referred to as the ‘right to be forgotten’ — coming under Article 17 of the regulation. For organisations which have kept information for a long period of time in an insufficient way because there has been no previous enforced structure to follow, this could potentially be detrimental and cause great implications on their business.

With paper documents, you can never be fully sure that you’re being compliant with GDPR and this can present itself as a huge problem. If a customer who has previously given their personal information to your organisation was to make a request to erase their details, you will find yourself asking many questions throughout the process of removal.

You might find it difficult to remember where this information is stored, for instance – whether it is on the premises of your business or has been stored externally. You might even be wondering whether you still have the information; regardless, you will still be required to check, which could slow down business operations on a much larger scale.

Printing Paper

Technology has made its way into our offices — but some businesses have failed to keep up with the times and upgrade their equipment, which could be a problem when it comes to this new legislation. Products are becoming smarter, which is allowing us to have greater control over operational activities. These include printers and fax machines, which are now referred to as internet-capable and end-point devices and although this level of accessibility is beneficial, there are some drawbacks that accompany it.

GDPR issues with printing paper will usually be a result of human error. If a sensitive document has been sent to print and, assuming that the printer does not have a pull-print solution (which allows an authorized individual to release the paper), the wrong person could collect the document. If this document has classified data on it, you’ve had a data breach.

Not having the right solutions in place can make it extremely difficult to manage any paper that comes out of your office essentials, as well as monitor what is sent and what is released. This could make it difficult if you were to have a data breach, as investigations would need to try and find who was responsible and who picked up the documents.

Going paperless would mean that your business has one less thing to worry about when it comes to GDPR. Implementing a paperless strategy would also be cost effective for your business, while offering environmental benefits too.