Obstacles to implementing the GDPR
The challenges brought about by the GDPR cannot be resolved overnight, as they require significant adaptation of business processes, implementation of IT solutions, and raising employees' awareness of personal data protection.
The General Data Protection Regulation (GDPR) has opened many personal data protection issues. Today personal data are part of all key enterprise business processes. Personal data can be found in paper and electronic documents, information systems, databases, shared folders, cloud storage and other media, not to mention countless folders, filing cabinets and drawers.
Unresolved challenges of implementing GDPR
Since a comprehensive overview of personal data processing requires adjustments to the relevant processing procedures, some enterprises have managed to comply with only certain aspects of the GDPR.
Many problems arising during the operational implementation of the GDPR remain unresolved. The main issues include poor content management of paper documents, exchange of documents containing personal data, and inappropriate storage of such documents.
#1 Failure to control personal data in paper-based documents
Paper-based documents that contain sensitive information and personal data such as personnel files, contracts, and so on, are still widely used. Often they are kept in desk drawers, unlocked cabinets or unsecured archival premises.
Such storage of paper documents constitutes the highest risk in terms of personal data protection: it does not prevent unauthorized access to data, which can lead to misuse or abuse of information, it provides no audit trail of user activity, and it may cause considerable business damage.
#2 Hazardous exchange of documents containing personal data
Every day, employees send each other documents by e-mail or share them via Dropbox or WeTransfer. During such transfers, personal data are not protected and can be subject to misuse or theft.
#3 Inappropriate archiving of documents containing personal data
Documents are kept in many different systems, making it hard for an organization to have a complete overview of personal data access, particularly since not all systems record user activity. Many employees keep personal data in unprotected Excel spreadsheets or shared folders.
The GDPR requirements create a critical need for audit logging, retention periods, and erasure of personal data, which may be kept only for the minimum period necessary.