This page explains how businesses that gather and store customer information can use GLOBODOX as a tool to help with GDPR compliance.
What is GDPR?
The General Data Protection Regulation (GDPR) is a regulation that enforces strict data protection and governance protocols on businesses handling personal information of individuals belonging to the European Union (EU).
The regulation, passed by the EU parliament in May 2018, aims to give people (both customers and employees) more control over their personal data. Personal data includes anything from the name, address, phone number, and email ID to government ID, medical information, and the IP addresses of people belonging to the EU.
It is crucial to note that the GDPR applies even if a business does not operate under the jurisdiction of the EU, as long as the data owner (customer) belongs to the EU.
To comply with GDPR, businesses should adhere to the following key requirements:
- Getting an individual’s explicit permission to store their personal information
- Allowing users to access the private data stored by businesses
- Deleting customer information from all records upon request
- Enforcing security measures and safeguards for protecting customer information from unauthorized access
- Gathering and using only the data that is justifiably relevant to the business’s core purposes, i.e., not gathering data for unnecessary or previously unstated purposes
What is GLOBODOX?
GLOBODOX is a document management system that allows an organization to:
- create a secure, centralized, and searchable repository of all its paper and electronic documents
- selectively control users’ access to different documents and even different portions within documents
- record details about a user’s access to the repository
Is GLOBODOX GDPR compliant?
It is organizations, not software, that are GDPR compliant. GDPR-compliant software doesn’t exist; a GDPR-compliant organization does! However, tools like GLOBODOX can be instrumental in helping organizations adhere to the guidelines outlined by regulations such as GDPR. Ultimately, it is the responsibility of organizations to identify and deploy a set of procedures, measures, and tools like GLOBODOX to have a demonstrable GDPR-compliant data governance blueprint.
How does GLOBODOX help with GDPR compliance?
Although installing GLOBODOX alone may not be sufficient to guarantee GDPR compliance, using such a document management system can ensure that you have certain key facets of the regulation covered, and in a manner that can be demonstrated to the authorities if need be. GLOBODOX allows businesses to have a secure repository of customer information that can be easily managed as per the requirements of GDPR.
GLOBODOX has all the tools and features you need to:
- securely store customer information in a centralized repository,
- set up highly selective access control mechanisms to guarantee that employees only have access to data that is relevant to their function, and
- search and retrieve specific pieces of customer information whenever needed.
The following section outlines how specific GLOBODOX features help organizations to comply with GDPR:
GLOBODOX offers users multiple security options to control access to documents and data on a macro as well as micro level. This means businesses can allow specific users in the organization to use customer information based on their function and department. This allows organizations to assure authorities that customer information is used only for relevant purposes and that unnecessary usage and sharing of data is prevented.
For instance, you can allow your telesales team to access only the telephone numbers of your customers and restrict access to other details, such as their addresses. Similarly, you can block your market research team from accessing the contact information and names of customers, and allow it access only to the demographic information needed to perform market analysis.
Encryption and storage control
GLOBODOX provides industry-standard encryption that offers protection against data leakage and loss by using encryption algorithms like AES, Blowfish, and Triple DES. This ensures that documents with customer information stored by organizations remain secure against most threats. This is important as GDPR requires organizations to take reasonably strict steps to ensure the privacy of customer data.
GLOBODOX doesn’t store documents in an internal database but gives users the freedom to choose where to store documents, such as on an on-premise storage system.
With a wide range of file organization options, such as tags, folders, stacks, and document types, GLOBODOX ensures there are always multiple ways to uniquely identify and retrieve documents quickly. This helps organizations give customers access to stored documents, while also ensuring that those documents can be provably deleted if a customer so desires. The ability to find and delete documents allows organizations to comply with the GDPR article that establishes an individual’s “Right to be forgotten”.
GLOBODOX assists organizations in their efforts to comply with GDPR by offering a highly secure, centralized, and transparent repository to store and manage customer information.