It’s simply impossible to comply with the GDPR Regulation without a digital document management system.

With the new GDPR Regulation fast approaching (May 2018 in fact), all businesses need to start the process of ensuring they are compliant before May 2018. Otherwise businesses could incur huge penalties which could seriously affect their bottom line and reputation.

According to the Digital Clarity Group, “The GDPR could be a mortal threat to your company’s existence — and it makes fundamental decisions about data collection, processing, and storage into key strategic business issues. An adequate response requires C-level (and even board-level) attention and involvement immediately.”

Where to start?

Under the Regulation, you must not only comply with the six general principles, but also be able to demonstrate your compliance (in other words, provide documentation). The six principles state that personal information shall be:-

  1. Processed lawfully, fairly and in a transparent manner.
  2. Collected for specified, explicit and legitimate purposes.
  3. Adequate, relevant, and limited to what is necessary.
  4. Accurate and, where necessary, kept up-to-date.
  5. Retained only for as long as necessary.
  6. Processed in an appropriate manner to maintain security.

So far, so good. But let’s think about a few of the specific document and data challenges created by GDPR.

For example, “The Regulation largely preserves the existing rights of individuals to access their own personal data, rectify inaccurate data and challenge automated decisions about them. The Regulation also retains the right to object to direct marketing. There are also potentially significant new rights for individuals, including the ‘right to be forgotten’ and the right to data portability. The new rights are complex and it is not clear how they will operate in practice.” For purposes of the GDPR, any semantic differentiation  between “data” and “content” is largely irrelevant.

Each organisation must have a person or persons charged with guaranteeing compliance — the data protection controller.  If you act as a data controller, you must keep a record of the following information:-

  • your name and contact details and, where applicable, any joint controllers, representatives and data protection officers;
  • the purposes of the processing;
  • a description of the categories of data subjects and of the categories of personal data;
  • the categories of recipients, including recipients in third countries or international organisations;
  • details of transfers of personal data to third countries (where applicable);
  • retention periods for different categories of personal data (where possible); and
  • a general description of the security measures employed (where possible).

If you employ a data processor, you must contractually ensure that THEY also do similarly.

These are just a few examples.

If you ever needed a solid reason to deploy a document management solution – the GDPR is it. Trying to comply with the complex requirements of the GDPR without automated processes is impossible.

Whether you are a European company or an organisation that only has European customers, the basic assumptions governing document and data privacy and security are changing radically. Which means you need to get serious about digital document management.

For further help about implementing a document management system, please contact the team on 0161 667 3390 or email

Alternatively, please take a look at our Case Studies to see how our document management solutions have hugely benefited our clients: Case Studies.