Are your information management applications GDPR compliant?

Geoff Hornsby
GM EMEA, Sales, iManage
Geoff is responsible for field operations across Europe, Middle East and Africa.
03 October 2019

Many organisations rely on their information and document management systems to help ensure they are in compliance with the GDPR. This approach is of course logical – such applications are where enterprise data typically resides.

Thus far, enterprises’ focus for GDPR compliance has primarily been on appropriately storing data in accordance with the regulation and data protection laws.

However, GDPR compliance is a lot more complex, as it demands transparency across the lifecycle of information, which includes electronic and physical data. For instance, if full text indexing within an organisation’s document management system has taken place away from the main document and outside of the EU, and the enterprise’s client is not aware of this, the firm is breaching GDPR.

The complexity of compliance, however, will continue to increase in the future – not just as a consequence of Brexit, but also as a result of the evolving nature of this regulation. Already, the ICO is working on updating its data sharing code of practice, for which the consultation closed on 9 September 2019.

With some organizations integrating various solutions with their DMS to assist in meeting the full document lifecycle from generation through client delivery, they must ensure that no matter where their documents reside at the moment, compliance is maintained throughout the entire process.

For example, if your organization is global, you must either have full text indexes that match the legal requirements for all the countries you do business in, or communicate with your clients that a substantial amount of data is held in a third country that has different laws concerning data access, which could put their documents at risk—which likely isn’t going to sit well with them.

That’s because clients often have invested a lot of time vetting your solution and ensuring it meets their security requirements. So, as soon as that data leaves to be processed in other regions, that vetted security is no longer valid and their trust in you will be eroded.

Where to begin

To ensure the solution an organization uses is robustly facilitating GDPR compliance, it must first ask its information and document management applications providers how they address GDPR compliance.

This white paper from 2Twenty4 Consulting, a London-based legal IT consulting firm, offers a practical checklist of key questions (alongside providing a rationale for each) that organisations must ask of their solutions provider (on-premises or in the cloud) with regard to GDPR compliance.

As organizations evaluate their DM cloud solutions, many are finding that not all vendors can deliver the same level of security.

iManage offers a comprehensive approach to security, adopting the best practices from the security and cloud industries to provide a secure global platform for professional services firms, and provides the highest level of security among document and email management vendors. Our platform is independently verified by auditors, large commercial financial institutions and significant players in the defense space.

The iManage Work 10 cloud solution is architected from the ground up to ensure your documents always are in compliance with GDPR as we enable you to maintain control of them throughout the supply chain.

We are able to do this with our industry-leading Geo-isolation capabilities, which enable us to maintain metadata for documents and ensure they are fully indexed in the correct geolocation related to your business. This means that your data stays properly domiciled for storage and processing, including online viewing, OCR and full text indexing.

“GDPR compliance across the entire document lifecycle is very difficult to retrofit into a solution,” said Shawn Misquitta, VP of product management. “Products that have incorporated an understanding of these compliance challenges into their solution from the ground up will not only comply but perform better and ultimately provide a better experience to professionals. With a majority of large global customers using iManage, we have studied these complexities in great depth and have spent several years building them into our cloud service architecture.”

Some of our other innovative security features include:

  • AI-powered global search: If your firm observes data sovereignty then your information is distributed globally, and your legal professionals can utilize our search capabilities that provide an aggregated view of all documents for the purposes of knowledge and governance.
  • Customer managed encryption keys: With CMEK, the customer maintains exclusive control of the master key that is used to encrypt and decrypt data. iManage has no access to the master key, which protects the data from anyone who tries to access it.
  • Zero Trust architecture: This cutting-edge security architecture is founded on the basis that all networks, people, and hosts are hostile, and it reduces the opportunity for data breaches. It exceeds the controls in conventional security models and certification.

The iManage innovative security platform, coupled with our market-leading uptime and broad capabilities, has enabled us to continue to lead the market for cloud document management. Click here for more information about how iManage helps organizations comply with GDPR.