How to prepare for GDPR - our scanning expert's guide to getting started

How can I prepare for GDPR? This is a question small or medium sized businesses are reluctant to address, either not fully understanding the implications of non-compliance, or are at a loss as to where to begin. 

Preparing for General Data Protection Regulation (GDPR) can’t begin soon enough, as tough business-breaking fines become enforceable in May 2018. It is a complex issue and whilst business owners will eventually need to understand it fully, it’s good to have a basic overview plus some pointers as to where to turn next.

At Midwich we've been working closely with our vendor partners and have had deep insight into the regulation along with visibility of tools and technology that are out there to help SMBs begin their journey towards compliance.

This blog is aimed at helping SMB's make a start with their initial steps as they prepare for GDPR.

What is GDPR?

In a nutshell, GDPR is all about the security and relevance of held data that can identify an individual. It’s more than simply a name, address and date of birth. It could be driving licence details held by HR teams, staff photos and images on CCTV to name but a few.

6 main GDPR requirements

GDPR is in place to ensure that anyone holding personally identifiable data (PID) can prove consent, security and management of that data. It’s enforcing the rules that us as individuals would want to think existed to protect our own personal data, after all we don’t want anyone having access to our own details without our permission or for something totally irrelevant.

Because of this and of the advancement of much larger and worrying security attacks on businesses, although not the definitive list, here are the main questions GDPR needs data holders to ask themselves;

1 Right to access – can you find all the data you hold on an individual?

2 Retention periods – how long can you hold the data for?

3 Data erasure – the right of an individual to be forgotten (all trace removed)

4 Privacy by design – are you building in security steps from the outset?

5 Security – how many copies of your documents exist?

6 Consent – do you have consent to hold the data and how will you use it?

Don't forget, GDPR is not just about being compliant but proving safeguarding practices in a court of law - you need a water-tight audit trail too.

Self-assessment and more details on GDPR

It is a detailed regulation and self-tutoring and investigation on all the requirements needs to be carried out by individual companies themselves and for this, businesses should check out the main sources of advice.

Below are links to the official places to start from and some easy-to-implement first steps that pretty much most companies would benefit from.

Frequently asked questions

Self assessment

Information for organisations 

GDPR data processing – where to start?

If desks and filing cabinets are overflowing with paper and archive cabinets are stuffed full of information containing personally identifiable information (PID), not only will a paper-based business find it difficult to find and sort through data - it’s going to be very time-consuming too. What will they do with that data once they’ve found it?

How to prepare for GDPR - document scanners and software to the rescue!

Data management and processes to help towards GDPR compliance can start with simple digital transformation of information. Simply put, we mean scanning in paper-based documents to create digital records.

Once papers are scanned, they can be filed in a multitude of places, whether on a network, on the Cloud or locally-based PC files. Most document scanners have built-in software that will help with the filing and recording processes. This step alone will help businesses manage their data quicker and bring immediate savings in time and overall efficiency. It will also automatically give a degree of security with less access to paper-based files.

Increased level of data management for GDPR preparation

For better data retrieval and action functionality, specific software is the way forward. Our scan vendor partners have been working with leading software providers in order to offer solutions which are specifically geared up to helping businesses with their GDPR preparation.

As anyone familiar with Fujitsu’s range will know, they are well placed to help a wide range of customers from SMBs and SOHO to Public Sector and large corporates, whether via compact desktop, slim portable devices or larger, departmental and production scanners. Fujitsu’s entry level ScanSnap range can quickly and intuitively scan to a multitude of destinations such as a cloud account or local folders. By digitising data it’s a start in the process to making data management quicker, more efficient and more secure.

With a diverse range of scanners in place, Fujitsu wanted to explore further ways in which they could help customers manage their data and prepare for the May 2018 deadline.

As a result, they’ve partnered up with EASY Software UK whose sister company Otris Software AG have been working on privacy management solutions over the past 12 years in heavily regulated Germany. Their award-winning (Document Manager Awards "Compliance Product of the Year 2017) software has been developed to make the identification and subsequent management of personal data easier. It’s all very well knowing you’ve scanned all your documents securely, but finding the data you need from across all the various data entry points you use could be a problem.

EASY Software UK’s privacy management system software can provide the single source of the truth on personally identifiable data sources, helping catalogue and more importantly, action and update any data management processes necessary to keep customers compliant with GDPR. This software will be key to any organisation with large amounts of personal data to manage and in becoming more GDPR enabled with for example regular audit reports and handling of subject access requests from day one.

Fujitsu scan solution for GDPR preparation

At Midwich we’re confident that the Fujitsu and EASY Software partnership offers one of the most comprehensive scanning and software combination available on the market and will be able to help many customers on their road to GDPR compliance. 

Our scanning specialists are on hand to advise you on the best solutions, bespoke to your customers’ needs.

For more details on GDPR and this scanning/software solution available through Midwich, download our latest guide GDPR Guide.

Digitised Data Security

Emma Filmer

Business Development Manager

Document Solutions