The European Union’s sweeping data privacy regulation went into effect on May 25th, 2018, and it’s upending the way businesses work. Not only does the General Data Protection Regulation (GDPR) completely change how organizations collect, use, and protect user data, but it also goes beyond your digital files and straight into your filing cabinets.
Although GDPR was built with EU residents in mind, the regulation also applies to the 80 percent of U.S.-based businesses that serve customers in the EU—and noncompliance could mean fines of up to €20 million (roughly $23 million) or 4 percent of annual global company revenue—whichever is greater.
In our increasingly data-driven world, now is the time to go paperless for GDPR compliance—to protect your business, your users, and your bottom line.
GDPR and Paper Record Security
A shocking amount of customer data still lives in paper documents in offices around the world, and GDPR brings to light an ongoing problem in record management security. At its core, the regulation is “technologically neutral,” and there are two essential ways the regulation monitors personal data:
Instances where personal information is processed through “automated means.” In this situation, records are being stored electronically. An example would be when paper records are being converted to electronic records, which usually requires some automation.
Instances where personal information is not processed through automated means but the data comprises “part of a filing system or [is] intended to form part of a filing system,” where “filing system” is defined as “any structured set of personal data which [is] accessible according to specific criteria, whether centralized, decentralized or dispersed …” Although papers scattered on your desk wouldn’t be subject to GDPR, employee files stored in a filing cabinet in HR or expense reports that are labeled and sorted would be considered searchable and accessible under the regulation. Basically, any paper documents that are sorted and filed must be GDPR-compliant.
The solution to easily and seamlessly achieving GDPR compliance? Embrace the paperless office with digital workflows.
Although your filing system might be color-coded and alphabetized, the truth is that no matter how organized you are, paper records aren’t easily searchable. With a paperless filing system, you can quickly find files using any number of parameters, including date of creation, date of the last update, who created the file, and other filterable options. A paperless system also eliminates the hazards of managing paper trails, which saves time, money, and gives your organization—and your users—the peace of mind that comes with knowing that documents are secure.
Printing documents is expensive—just consider the costs of the paper itself, as well as the ink, toner, and machine maintenance. But storing paper records is even more expensive. According to the U.S. Department of Commerce’s National Technical Information Service (NTIS), it costs $880 to maintain a five-drawer file cabinet per year, and businesses spend $11 per year per inch of paper of documents stored. Add to this the cost of time employees spend locating paper files, and the costs of manual filing systems skyrocket. Cutting back on the costs of printing and filing paper documents will boost revenue and reduce risk, letting you focus on business-critical budget needs, not more reams of paper.
Employees waste more than four hours every week on paper-based tasks. According to NTIS, this includes 10 minutes retrieving and refiling a single paper document, plus the 50 trips per week to the fax machine, printer, or copier in order to retrieve paper documents. In fact, according to Nitro’s Knowledge Worker Study, two in five office workers believe productivity levels would rise rapidly if paper were replaced with digital tools. Not only does a paperless system boost productivity, but it also makes for happier employees who can focus on the work at hand, not on making sure paper files get properly refiled or picked up from the printer.
Think of the Trees
The U.S. Environmental Protection Agency (EPA) estimates that the average employee uses upwards of 10,000 sheets of paper per year. Not only do those sheets of paper cost, but they also eat away at precious environmental resources—from trees to water to other resources eaten up during production. Doing your part by going paperless not only puts you in compliance with GDPR, but it also means your organization is helping to preserve valuable natural resources.
Avoid Litigation and Fines
One of the most compelling reasons to go paperless for GDPR compliance, of course, is to avoid regulatory fines and general litigation. In 2010, Rite Aid Corp. had to pay a $1 million fine after some of its paper files on prescription information were improperly disposed of in a Dumpster. In another case, U.S.-based Parkview Health System agreed to pay $800,000 after as many as 8,000 patient files from Indiana and Ohio were left sitting in a physician’s driveway. Since GDPR’s launch at the end of May, the Guardian reports, Europe has seen a 50-percent increase in the number of complaints compared to last year, and dozens of cases are currently under investigation. In Austria alone, Politico EU reports, more than 100 complaints and nearly 60 breaches were filed in June—an amount that would typically be filed over an eight-month period.
By going paperless, you can easily trace files as they move from one folder or department to another, and you can also restrict access to certain files based on department, company domain, email address, and any number of other parameters or with a password system. These paperless features provide a high level of security, transparency, and accountability for all of your user data, ensuring GDPR compliance.
If your organization is ready to go paperless to ensure GDPR compliance, sign up for Nitro’s GDPR webinar to learn about solutions for replacing outdated, time-consuming paper-based processes with secure, connected digital workflows.