Document management is one of the most serious subjects for all companies because there are personal data of all employees, customers or prospects, suppliers or partners... In such context, the GDPR enumerates some goals that should be achieved:
- identify personal contents (for example: with specialized tools) and employees that can have authorized access to them,
- ensure a level of security appropriate to the risk including encryption "at rest" or during a transfer (art.32),
- define authorized people who can access the contents with personal data (art.29),
- define access control to content with personal data(art.25),
- protection from destruction, loss, alteration, dissemination or unauthorized access.
It is obvious that several information systems and current uses are not "compatible" GDPR : Numerous thefts of personal and sensitive data have involved email servers (HBO hacking, Deloitte, etc.). The file server has been hit by security holes and ransom ware (ex: Wannacry). In addition to these security weaknesses, the saturation of messaging and file servers demonstrates that both systems have reached their limits.
Best practices will now be based on collaborative platforms and DMS , such as the GoFAST solution. This type of platform brings many other benefits, including meeting standards like ISO9001, improving productivity and collaboration..