GDPR Compliance

At Foxit, we are already working with dozens of customers in helping them achieve full GDPR compliance before May 25th. If your document management system needs to be reviewed because of new regulation, consider the possibility of getting Foxit’s help. 

What Is GDPR?

On May 25, 2018, the General Data Protection Regulation (GDPR) will be implemented across Europe and any companies who have customers in any EU country. This regulation will impact how companies collect and process data from individuals who live within the EU. If you are unsure about how GDPR will affect your business, read more on the official GDPR website.

We have been working with many enterprise customers to ensure that they will be GDPR compliant in their document management by May 25th. If you are unsure how your document management system will hold up, fill in our contact form at the bottom of our page and a senior member of our team will get in touch to discuss your options.

New Requirements under GDPR

Under new EU regulations, anyone within the EU that you store personal information about (clients, prospects, even your own employees) can ask for a full report of every piece of information you have on them which they should receive in 30 days or less. Personal information is any information that can identify a person, e.g. Name, Address, Email, etc.

Regardless of the size, location or type of business you have, if you have personal information about a citizen within the EU, you need to abide by GDPR. You must carry out a Privacy Impact Assessment (PIA) on all systems that hold sensitive information about a person to ensure that it is safe and secure, and also easily supplied to the person if requested.

Getting ready for GDPR

Every company is different but processes can be streamlined. Below we have created an example process that sums up how PDF technology can ensure your document management system complies with GDPR by May 25th.

Before May 25th

  1. Audit the way you treat customer data within your document management and archiving systems. Can you easily find, edit, redact or delete that information?
  2. Leverage PDF metadata within your document system so that personal information can be easily found in files
  3. Carry out a PIA on this system to ensure personal information is not compromised at any stage of the process

After May 25th – A practical case

  1. A data subject requests deletion of their information
  2. Your data officer receives this request and starts to identify the data subject’s personal information within the company’s CRM, document management system, invoicing system, ERP, even email inboxes.
  3. Using Full-Text Search you can identify information within all PDF documents
  4. Using redaction, you can delete personal information from said documents
  5. You send confirm and selected screenshots as proof that you have removed the data subject’s personal information from your systems

Is your company GDPR-ready?

A Privacy Impact Assessment (PIA) essentially is carrying out a risk assessment of the proposed processing of personal data when May 25th comes about. There is a high risk to personal information if your company is processing it. A PIA gives you a complete view of the risk and possible steps to make processing more secure for data subjects. This assessment needs to be carried out before GDPR is enacted to ensure a seamless process.

Foxit’s GDPR Solution

Full Text Search
If a customer requests proof of all their information you hold, you need to be able to search all your documents for references to that customer quickly and easily. Using full-text search across all your documents, every PDF document can be scanned for instances of a word or snippet of text, cutting out the need for manual searching. This quick process is even successful in searching for special characters within documents.
Metadata
With PDFs, companies can set the metadata behind documents to make files easier to categorize and search. For instance, each data subject’s profile in your database will have a uniquely identifiable code that can be added to document metadata when personal information is present. Once information is requested, a company can search for the unique code which will pull any documents that hold data from that customer in a matter of seconds.
Redaction
Redaction is a great tool to censor or obscure information in an otherwise important document. It allows you to edit a document without altering the authenticity of it. If a data subject asks for their information to be deleted from your systems, you can easy redact information in contracts, invoices and other documents while still retaining the valid legal documents for future proof of business, with just a click and drag of a mouse.
Archiving
PDF is the most secure file format in the marketplace, so why wouldn’t you want to use it to archive your documents? Not only is it secure but a specific PDF type, known as PDF/A, holds an ISO Standard to ensure all important information regarding how to render document is included before archiving so it looks the same as the original in the future and on any system. If that is not safe and secure, we don’t know what is.

Document Protection with GDPR in Mind

The media have talked about GDPR to death but not from a document management perspective. Discover how to protect personal information within PDF documents

Why PDF is your GDPR Solution

We are actively working with key enterprise companies to create a custom GDPR Solution that can help you become GDPR compliant. Find out more today

Ready to talk about GDPR? Get in touch to hear how we can help your business