General Data Protection Regulation (GDPR) can be more than a check-box exercise when it comes to adhering to compliance. It represents an opportunity to achieve operational best practice and gain a commercial advantage. Implementing the systems and processes required by the regulation in the right way can help organizations define and manage the risk and reward associated with processing personal data, and drive greater business efficiency.

What’s more, choosing a solution that balances data protection with accessibility will enable organizations to match the pace of change in the marketplace, ensure success in their digital transformation strategies, identify and seize new opportunities and meet rising customer expectations.

• The operations of 38% of organizations surveyed are highly dependent on sensitive personal content, eg, healthcare, financial, etc. 33% have some sensitive customer or client data. 20% have just basic HR content.
• 36% of smaller organizations, 43% of mid-sized and 52% of large organizations have reported a data breach in the past 12 months. 19% reported a loss due to staff intent and 28% from staff negligence, compared to 13% from external hackers.
• 26% suffered loss or exposure of customer data and 18% lost employee data. As a consequence, 10% received action or fines from the regulator, 25% saw a disruption to business and 18% a loss of customer trust.

• 24% of respondents feel that their senior managers do not take the risks of data privacy breaches seriously. 13% consider that operational considerations override compliance.
• 34% feel that social networks undermine data privacy rules and 43% agree that over-zealous ID checks have a negative impact on customer experience. 68% would like to see governments encourage stronger, tamper-proof encryption.
In EU GDPR will become enforceable law in the EU Member States on 24th of May 2018!

• Fines - GDPR sanctions starting May 2018; the maimum fines will be set at 4% of an organization’s worldwide turnover, or €20 mil;
• Parental consent – requires organizations to verify consent from holder of parental responsibility for children under 16, or 13, if allowed by a member state;
• Breach notification – supervisory authorities must be notified within 72 hours of lerning of a data breach;
• Withdrawal consent – per the newly enacted legislation, prior to giving consent, data subjects must always be informed of their right to withdraw consent;

• Right to be forgotten – the right to have personal data erased „without undue delay” under certain circumstances;
• Applicability – the new law applies to both data collectors and data proccesors, and both businesses and governmental organizations.
They organizations also need to:
• limit processing to the purpose for which the data was collected;
• conduct prior assessments when processing sensitive data that result in risks;
• limit who sees the data (define levels of access);
• keep recording of processing activities, including the types of data, time limits;
• minimize what’s being collected and protect the data.

• Comprehensive data discovery and management to ensure timely and efficient respond to any Data Subject Access Requests (DSAR);
• Intelligently assessment of documents in the repository and fast clarification if they require OCR;
• Automated end-to-end process that can run 24/7 without any staff intervention, emailing periodic notifications of processing statistics and error reporting to the IT Administrator;

• Advanced search functionalities, both advanced metadata based search (templates, subscriptions, search in search) and advanced full-text search;
• Dynamic Security based on the value of the metadata;
• Share Business Content in a dynamic manner using Document Collections;
• Consent management through biometric signature (advanced signature) on a intelligible and clearly distinguishable consent document;
• Right to erasure (‘right to be forgotten’) through Advanced Retention / Records Management.