There are now only 10 months to go until the juggernaut of GDPR formally enters into force, but already the impact is being felt by businesses across all sectors.
It is easy to see how businesses with big customer databases are affected, such as banks and telecoms providers. But the impact will also be felt across other less obvious sectors.
Take franchise businesses for example, such as food retail outlets like McDonalds, Subway, Nandos and Starbucks. These businesses all handle what is known under the GDPR regulations as personally identifiable information and so will fall within its scope.
The GDPR applies to personally identifiable data relating to EU citizens, including names, ID number, location data, contact data and online identity. The GDPR’s definition makes it clear that information such as online identifiers, which would include an IP address or a Twitter handle, can be personal data.
This means that marketing databases which are often used by franchise outlets, including e-mail and IP addresses and social media accounts, all come within the GDPR and a loss of such data would comprise a data breach. Any business that is carrying out marketing activity must now make absolutely sure that they have the necessary permissions to do so, otherwise this will also constitute a breach.
The GDPR applies to both automated personal data and to manual filing systems where personal data is accessible. This includes chronologically ordered sets of manual records containing personal data. So HR information about franchise employees will also fall within the scope of GDPR.
In a sector where the turnover of staff is very rapid and many are on temporary or zero hours contracts, it is no easy feat to keep track of all of this HR information. To comply with the data handling principles of GDPR, businesses must first of all know exactly what personal data they hold, where it is located and how they can access it easily. When much of this documentation, such as passports, bank statements and work visas comes in paper form that is no easy task.
This is where a leading edge document management system such as Intelefile can really help a business to meet the requirements of the GDPR. Intelefile offers to employers the ability to scan paper documents, electronically store them in a secure location, archive and access them at the touch of a button via the Intelefile portal.
The GDPR requires companies to have formal processes in place to manage the data that they hold. This means they must be able to store it safely for long periods of time and also be able to completely erase it upon request by the data subject. The Intelefile document management system gives the employer the ability to put these processes in place very easily and quickly.
The sanctions for breach of GDPR data handling principles are game changing – up to €20m or 4% of the company’s annual turnover. The risk posed by such sanctions cannot be ignored. Intelefile can help any company faced with mountains of paperwork to keep on top of it and avoid being hit by large regulatory fines.
You can find out more about Intelefile here.