After what felt like an age of build-up, GDPR is now in full effect. Businesses from the mighty to the small have hit the headlines since the legislation came into force: from the Facebook and Cambridge Analytica data scandal, which drew a fine of only £500,000 because it happened prior to the deadline, to the Ticketmaster hack, which could have breached the GDPR reporting deadline.
Two months after the implementation of GDPR, businesses in the UK and Europe are still struggling with compliance; in fact, Gartner has predicted that 50% of businesses still won’t be compliant by the end of 2018. This month, ICSA: The Governance Institute found that 4 in 5 businesses see GDPR as a drain on resources, which might explain why so many organisations are struggling with compliance.
This fits with another survey conducted pre-GDPR, which found that complying with GDPR subject access requests (SARs) alone would take 172 hours a month for small-to-medium-sized businesses, rising to a staggering 1259 hours per month for larger enterprises (defined as having over 250 employees). This equated to one employee solely dedicated to the task (smaller businesses) or 7.5 employees (larger enterprises).
Let’s break that down a little further; the time estimates are based on the number of SARs a business is likely to receive. For the companies at the smaller end of the scale, 89 enquiries a month are expected. From that, employees will search an average of 23 databases to look for the subject’s Personally Identifiable Information (PII), with each search taking an average of 7 minutes.
Large businesses will see resources strained even further, with 246 subject access requests expected each month, which equates to the 1259 hours a month figure. Much of this time comes from manual, error-prone processes that could be automated, or at least streamlined. There is an alternative.
An electronic document management solution (EDMS) could be the answer.
When it comes to the most comprehensive document management system, it’s hard to look past SharePoint. And as Microsoft continues to evolve Office 365, which has many apps built upon a solid SharePoint foundation, its capabilities have only grown stronger. Importantly, SharePoint Online is a cloud-based solution that is accessible anytime, anywhere, offering businesses mobility, which is essential in the digital-first world.
A standout feature of SharePoint is its ‘findability’: the ability to search for documents and have a list of tailored results in a matter of seconds. Provided documents are saved in SharePoint, it doesn’t matter where the document is – you can find it with a simple search. SharePoint’s findability has been likened loosely to Google’s search, so powerful is its internal search engine. Saving all documents in a SharePoint environment, which would be a requirement of having a document management solution in place, means any documentation with a subject’s personal information would be instantly returned.
For businesses looking to comply with GDPR or any number of regulatory bodies, SharePoint comes with the ability to set policies, from the large to the small. In light of GDPR, a key example is a personal information policy, whereby you can dictate that any documentation that holds personal information – like full names, email addresses, phone numbers or even financial information – cannot be shared outside of your organisation. At the moment someone tries to share this document, SharePoint scans it for the criteria, in this case personal information, and blocks the sharing of the document; this safeguards against the inappropriate sharing of sensitive customer or employee information.
SharePoint is more than just a place to hold documents; you can also implement or even improve your processes through it. The revision of policies and processes is a key tenet of the GDPR, in particular policies related to data processing and retention. It’s vital to cascade these policies to employees to ensure GDPR compliance is embedded in your company culture. SharePoint allows you to give access to policy documentation to all employees, and track when they’ve consumed the information. Notifications can be triggered once a document is read, or if employees miss the deadline. SharePoint can even be used as an online Learning Management System (LMS), with policies added to courses that have a quiz to pass to ensure the information is taken on board.
A key tenet of SharePoint is that employees will always be working on a single version of the truth – something which is important for business-critical documents like policies and processes. Functionalities like version control and audit history allow multiple stakeholders to work on the same document – even at the same time with the cloud-based SharePoint Online – without losing important updates to the document.
GDPR is proving to be laborious for businesses only two months after its advent. The ICSA: The Governance Institute survey also found that businesses have hired more staff or external providers to ease the burden, but this is proving costly. Businesses must look to other means to reduce the strain on already-overstretched resources. Implementing an electronic document management system – or utilising an existing one, which will likely be the case for specific sectors like housing and legal – is one of the most viable options, significantly reducing time spent on complying with subject access requests and securely managing documentation with personal information.
Natasha Bougourd is TSG’s Lead Applications Writer, specialising in IT support, Office 365, Microsoft Dynamics NAV, hosted telephony solutions and business intelligence.
TSG is an IT support company that has expertise across a wide range of technologies and has helped businesses achieve GDPR compliance through the use of technology. From Office 365 to Sage and Pegasus ERP solutions to IT support, infrastructure and cyber-security solutions, TSG has a highly-skilled workforce working across all areas of business tech. Holding 8 Microsoft Gold competencies, TSG places focus on a highly-skilled and qualified workforce with over 1000 recognised accreditations between its team of experts, including MCSE certifications, PRINCE2 and ITIL qualifications.