Document Management (DM) is about creating, storing and controlling documents, which has become increasingly important in light of the upcoming General Data Protection Regulation (GDPR). To comply with GDPR, you need to look at how documents and data are currently managed within your company. Here are 3 key areas of Document Management that reflect best practice in line with GDPR compliance.
In the case of a ransomware attack, how easily could the virus access your company’s data, including staff records or customer bank details? Using Document Management (DM) means that all files are encrypted on entry and documents are held as images. Your data and documents are then in a much less vulnerable position, which minimises risk in the event of an attack. Encryption of data is an important aspect of being compliant with GDPR and reflects best practice.
Role Based Access Control
One of the key criteria of the GDPR is to ensure that information and data are locked down, protected not only from the outside world but also within the company itself. Do you really need your Marketing Manager to have access to a customer’s direct debit, or a temp to be able to email or print documents? Staff should only have access to the information they need to do their job. With DM, rules can be put in place so that information access can be restricted.
It is a business’s responsibility not only to ensure that paperwork is stored safely and securely, but also to make sure that it is stored for the appropriate period, in line with the current legislation. For example, financial documents must be stored for up to 7 years, but CVs should be destroyed as soon as a position has been filled, since there is no need to store someone’s personal information at this point. Effective DM can help maintain best practice across the business by storing personal data correctly and flagging any documents that have reached the correct time frame for deletion.
Darren Cairney, IT Manager of Document Data Group, commented, “When you compare a Windows file structure and associated permissions with a document management DM, you can see how a DM is the next step in securing your business-critical data. Windows is by default open until closed, with most users unaware that their newly created ‘Shared Docs’ folder could allow all users read/write access. DM can be set up to allow ‘no user’ any rights until granted; you can restrict what is searchable and even what can be seen on the document itself.”
According to David Reilly, Data Protection Officer at Create Ts and Cs, “Personal Data and how it is managed has become an even more important business issue because of GDPR. Treating personal data with respect and in line with legislation is a decision a company takes in order to manage the business risk. Deploying the right systems and the correct expertise will go a long way to helping your organisation manage personal data and comply with GDPR.”