Should you be scanning your paper files and archives to comply with GDPR?

You can’t escape the noise when it comes to GDPR, the new data protection rules and we are sure that you already know the consequences to your business should you not comply.

However, it is quite apparent that much of the focus of this noise is placed on cybersecurity threats, server hacks, database vulnerabilities and data stored on and transmitted between servers and networks.

What doesn’t seem to have been highlighted clearly enough and something which should be a cause for concern for businesses large and small are their paper files. We are not just talking the paper files that are stored in the filing cabinets cluttering up the office either. We are also talking about the stores of archive boxes held off-site.

Archives, the business equivalent of a black hole, for all that paperwork businesses are keeping for audit purposes or just in case, where it is difficult to locate personal information or sensitive information within their paper records. Archives, which could very well put a business at serious risk of breaching the new rules.

If we just take a minute to look at the key elements of the new rules; the right of access, the right to data portability, data Retention and the right to be forgotten. Ask yourself, as a business, how are you going to comply if a person’s information is still stored on paper and potentially with information not stored at your office location?

The new rules stipulate the timescales within which a business need to comply, which is, where specified, within one month. Which on the face of it, doesn’t sound too bad, now ask yourself these next questions:

  • What is the nature of the documents you hold?
  • Do they include personal information?
  • Are they all in one archive box or will information be held in a number of boxes?
  • Are you able to know easily which boxes hold the information
  • How long will it take you to retrieve the boxes?
  • How long will it take you to go through the boxes to extract all the information?
  • Are you confident that you will have got it all?
  • Do you know how many copies exist?
  • Who is going to do it?
  • What won’t they be doing whilst they do this?

If you have already done so, you must start putting in place an effective paper lifecycle management and retirement strategy. That in itself means that must you know exactly what information you are retaining in regard to personal data. This will be a very time-consuming project and one even the largest companies might struggle with. And the ongoing commitment to managing paper documents would be a large burden.

Any company with sensitive information held on paper, in archives or filing cabinets should be looking to digitise these as soon as possible. If you have the necessary scanners and scanning hardware, the staff with the necessary skills to allocate to such a project then you can consider doing this in-house.

If you don’t or can’t spare staff to be taken off other projects then it is best to use outsourced scanning services. Working with digital files has always made more sense than working with paper. And there are numerous benefits to doing so. It reduces costs, helps the environment and enables enhanced security.

To find out more about how our scanning services and document management solution can make preparing for GDPR easier for you, contact us on 01285 810606 or use our contact us form to request a callback.