General Data Protection Regulation

Everything you need to know about the GDPR.

The GDPR, what is it?

The General Data Protection Regulation is a European regulation for the purpose of protecting personal data. It concerns personal data kept by companies or organizations within the EU. Starting from May 2018 the rules of the GDPR apply to all European companies. Member States will monitor the compliance with the rules on their own.

3 important rules and a warning

Ask for Permission

Distinct permission is required if you wish to keep personal information about people, customers and employees. By default, the highest possible privacy settings should always be used. Individuals should not only give their permission to store their data, they should also be able to revoke this permission. Each individual has the right to request any stored information concerning them.

The sanctions that could follow if personal data falls in the wrong hands can be significant. Fines can rise up to 4% of the company turnover.


Security means that you can provide sufficient access rights per document or document type, which can prevent unwanted use of information.Of course, security is as weak as its weakest link; e.g. the user. Maybe it is due to oblivion, or a careless day, but at certain times information can end up in places where it does not belong.

With a comprehensive monitoring system the required guarantees can be built in as well. Knowing who composed information, consulted documents or printed an email from the repository. There are applications available which ensure that an extended log file is kept on all actions within the system.

Basically, these rules make sense. As more and more information evolves from a paper carrier to a digital carrier, and thus from a cabinet to a server, which has a connection to the Internet, security becomes increasingly important.

Appoint a DPO

In addition, in many organizations a responsible individual, e.g. the Data Protection Officer, should be appointed. He or she will be responsible for monitoring the stored data and for handling it. It is therefore important that each document is properly protected and is also given a life cycle. A data or document life cycle could entail that certain documents should be removed after a certain amount of time, or that the security of the document should be edited.

Another task of the DPO (Data Protection Officer) is to report violations to the document database as soon as possible.

Smartdoc & the GDPR, a great combination.

With Smartdoc, we want to offer an accessible and user-friendly solution for the questions and risks that rise as a result of the GPDR. Although applied measures are usually less severe than initially announced, everyone has once suffered the consequences of underestimation.  We presume the following 5 principles.

  • Create one central repository
  • Organize the right processes
  • Embrace privacy
  • Think about your communication
  • Keep the focus on these three basic features: Security, Life Cycle Management and Monitoring

Last but not least

How do you know if you’re keeping information about a particular person? Full text indexing of documents and a good search function make it possible to access all emails, PowerPoint documents, Word documents or scanned PDF’s with a click of a button, allowing you to easily find all documents of a certain “John Doe” lost in your repository.

For more information about the GDPR or how you can transform your repository into a legal, auditable and secure environment, you can contact our project managers.

White Paper

Download a white paper about the GDPR and learn more about our 5 principles.