Breaking Down GDPR Compliance
When the European Union’s General Data Protection Regulation (GDPR) went into effect on May 25, 2018, it marked a big day for corporations doing business in Europe. This law can be daunting to implement and may require much change, time and patience, depending upon your company. All in all, these practices are in the best interest of our customers and clients, whom we need to protect. To help keep your organization compliant, here’s a simple breakdown of the law:
GDPR Background and Summary
GDPR replaces Europe’s longstanding Data Protection Directive 95/46/EC with regulations governing the processing of personally identifiable information (PII) of individuals inside the European Union. GDPR is broader in scope than its predecessor. Organizations that do business with the European Economic Area, regardless of their location, must now abide by the law’s requirements, which address the following activities:
- Data retention
- Data destruction
- Data automation
- Data breach reporting
- Data processing record keeping
Penalties for non-compliance with GDPR can reach up to €20 million or 4% of annual turnover, whichever is greater.
GDPR and Data Destruction
GDPR calls for an increased focus on your organization’s information destruction practices. It’s not acceptable to hoard documents and data indefinitely. Article 5 of GDPR states that personal data be “kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed…”
To comply with GDPR, keep paper records and data only as long as required by the law. Consult with an attorney to confirm your retention obligations. Establish routine document purges and a scheduled shredding program to stay in compliance with the law.
GDPR and Information Access
GDPR calls for a heightened awareness of privacy protection and access to information. Its right of access article gives consumers the right to request and receive copies of their personal data. Its right to erasure article gives consumers the right to request the deletion or removal of any collected personal data when there is no compelling reason for its continued retention. As a result, it’s important to know where your information is stored and be able to access it quickly. A qualified record management partner can provide a document archiving and tracking solution that complies with GDPR requirements.
GDPR and Breach Reporting
Even if you already have a data security plan in place, you must also make sure it aligns with GDPR requirements. GDPR-affected companies have a maximum of 72 hours after becoming aware of a breach to notify the supervisory authority. If you’re not yet in compliance with GDPR, it’s a good time to start bringing your organization up to speed with the law’s requirements. If you’d like to read more on this law, it can be found here.
Kent Record Management provides records storage and information management services for businesses throughout Michigan. We’re here to help with all your record management and information security needs. To learn more, please contact us by phone or complete the form on this page.