GDPR and the paper habit

Why GDPR represents an opportunity to make your business better.

Paper is a hard habit to break. For thousands of years if we want something to be official or reliable we write it down. From contractus litteris of the Romans in 100BC, if it’s on paper then it’s real. Centuries have moved the technology on. Scribes with Quills, Manual printing presses through to state of the art laser printing in full, luxurious colour. We now produce better paper documents than ever before. We do it quickly, cheaply and repeatedly.

Like all habits that go unchecked to much can turn out to be a bad thing. The production of paper copy used to be the best way to create a binding process. Technology has changed to a point where, in some cases, paper copy is not only surplus it constitutes a risk to personal security. It is this risk that is being addressed (in part) by the new General Data Protection Regulation set to come into force in May 2018.

GDPR will finally set a standard by which organisations will have to manage and process personal data. It will place a burden of responsibility on organisations to protect personal information (PI) and those to whom it involves. As with any significant change in law GDPR is being leveraged by markets to sell products and services. GDPR is being seen as a primarily IT issue. As such data security is at the top of plenty of meeting agendas in the rush to be prepared.

Is GDPR really only an IT issue? In 2016 Record Nation declared that 33% of all US businesses would fail within 3 weeks if they suffered a catastrophic loss of paper records. Although the market focus of GDPR is very much on the potential penalties for not properly managing Personal Information.

Is it right to simply see GDPR only as a digital data security problem?

In truth no. GDPR is about Personal Data management in all its forms. This is where the paper habit becomes important. Often businesses create paper simply because users can’t understand or identify methods within IT to complete the required tasks. Software trainers often remind us that Software ‘developers aren’t users’ and even those who work with systems everyday rarely have the skills to identify and resolve process issues.

Too often businesses implement IT in such a way that the processes don’t quite join up causing these tricky little impasses. Often leaving users to create solutions. After thousands of years of habit often that solution is frequently paper. In the Managed Document and Print industry we so often see users printing documents only to scan them back into a different digital destination.

This creation and distribution of paper causes huge potential for GDPR issues. Digital data and documents are tricky enough to manage. Even with access permissions, metadata and databases making sure the data on hand should be there is no small task. When that data is nothing more than a digital photograph of a piece of paper, or worse still is an actual piece of paper floating around in the real world then things really get difficult.

Think on this: GDPR tells us that the subject of personal Information has the right to know you have it, the right to see what you have. They have the right to know what you are doing with it and the right to tell you to get rid of it. As a business you also have no right to store data you don’t need. Now consider how you manage all of those rights in a timely fashion when all that data is in hard copy?

A huge, expensive, difficult and time consuming task indeed. Or is it? What if you turn that business frown upside down? What if you consider GDPR as a positive set of business goals?

Consider this: How much more efficient would your business be if you removed unprocessed paper? How much more time would your staff have if they weren’t wasting it looking for information in unstructured storage? How much could you improve your service if your processes were smooth and reliable? How much do those bulky filing cabinets cost in floor space? I’m betting quite a lot. I’m also betting that no one would question the benefits to a business if all of these elements were improved.

GDPR and the paper habit
Security isn’t the only GDPR concern. Can you actually be sure you know what data you have?

We can complain about the implementation of GDPR but the truth is a business that can better track, manage, share and control its information is a stronger one than one that can’t. If this information includes PI then so much the better. Your GDPR story will be a solid one and your business is safe from those much-dreaded fines.

Achieving all this is no small task. You can invest in clever software. CRM, ERP and a million other acronyms are there to help you spend your money; but they all still leave those little gaps.

Like it or not paper is still the achievable habit. It’s fast to modify, cheap to produce and the simplest medium to train staff on. After all (to a huge majority) we’re all taught to read.

Try as we might we can’t dictate to other businesses how they treat paper or where they use it. As an added bonus printers and scanners have been quietly developing as powerful data devices with advanced features. Features that, as IOT becomes more central to businesses, can only become more useful.

GDPR may be all encompassing, with even organisations from outside the EU being subject to its rules as soon as they transact within a member state. However, it doesn’t dictate what medium organisations use. You might create a super clever electronic system. You might even plug all the gaps in process, but you’ll still receive paper. You’ll still need to process the data on the folding stuff.

The great news is by properly managing the production, processing and storage of paper it can be made both safe and helpful again. All the benefits of the world’s most recognisable, and excepted, medium can still play a part in the safe and successful running of a business. Even in a post GDPR world. Even in a world where tablets and mobiles exist there’s still a very benefit to paper.

Not only can paper process still be an integral part of business process, it can be improved and developed to offer more value than ever before. All you have to do is really consider just what the paper does and why. This is the real focus of GDPR. Data security is critical. Print devices offer a very real data security threat. A threat that is often overlooked by IT and Managed Print Service providers alike. But data security has long been a critical business need. If GDPR does nothing but drive organisations to consider their data security it will have been a result for all. Especially with specialist peripherals like modern print, copy and scan devices and MFD’s.

It is not this data security that will improve your business processes. By really deciding what needs to be printed, why it needs to be printed. Ensuring that critical data is included on the page and designing documents to be captured and to feed data systems can deliver huge benefits to business process. Of course businesses will identify documents best never to touch paper. The safest (and cheapest) page to print is the one that never touches paper at all.

By considering technology like variable data printing which allows simple text data to be transformed into machine readable formats like barcodes. Or morphing difficult formats into recognisable, usable layouts like invoices or load manifests paper can become much more powerful. Often without the need to change legacy systems and retrain staff.

GDPR doesn’t need to force businesses in to expensive system changes.

Documents can be captured, important information extracted, compared to systems and used to trigger processes. Driving messages and alerts. It’s possible to close the loop on paper systems. Compare the documents printed with those captured to ensure no loss and properly audit the safe management of information and PII.

GDPR and the paper habit
Implementing ECM offers document/data security, but also delivers real process benefits.

Convert paper to digital format after process and the issue of sharing and even workflow become much simpler. GDPR tells us that we have to be able to share PI with outside parties. More importantly, be able to explain how we do this in a safe and timely manner. By placing our paper records in digital systems it’s possible to securely share them without printing yet more potentially volatile copies. It’s cheaper and faster too.

What about the infamous ‘right to be forgotten’?

When was the last time an outdated document removed itself from your filing cabinet, told you it was leaving for the shredder and securely destroyed itself? No, ours don’t do that either. Digital archiving can make this possible. The logistics of trawling through hard copy to decide on what to loose becomes hugely complex when you consider it. Think about this: You have a document with PI for two subjects. One you need to share, one you need to secure. You can redact the one you need to secure but now you’ve damaged the document and would need to replicate the original to share the data with the other party. Now I have two problem pages to consider….

GDPR isn’t an IT security issue. IT security is a foundation to proper data management. IT security is logical and important but GDPR is about making sure the ad-hoc processes that have evolved in your business are actually thought through. The great news is that by tweaking processes with print security and management, by considering Electronic Content Management and by learning how to properly link the points in the process together your existing systems can be made both GDPR safe and efficient.

GDPR is a potential win, win. It’s an excuse to really tidy up these processes and drive business efficiency

It can reduce costs not increase them. It can free up time and even space. To learn more about systems to close the loops in your business processes contact IPS for further information on  +353 1 832 0930 or request a call back.

Request a call back