This is the fourth post in our blog series about the European Union’s General Data Protection Regulations, which came in to full effect 25th May 2018. Last time we looked briefly at the granularity of records management required to satisfy regulations like GDPR.
This time we consider techniques for achieving fine grained records management with customer communications. In particular we consider how to achieve this with both coarse and fine grained records management systems.
How Compliant is Your Customer Communications Archive for GDPR
In the last post we discussed the techniques used by organizations to store their outbound customer communications. Statements, letters and policy documents are usually generated by batch systems either or on the mainframe, or by enterprise applications or by so-called document composition tools. What all these systems have in common is that they consume data and split out documents suitable for print by high-end printers. Print runs often include hundreds of thousands of documents.
One of the ways companies optimize these print files is to store resources such as fonts, images and overlays only once for the entire batch. Storing resources for each and every document can increase the batch size by a factor of 20, which slows down stream processing, particularly for high end production printers. It is these same print batches that are stored in archives, with an index that points to the boundaries between documents within the print file, held separately in a database. For example a customer A’s statement may exist from page 10,546 to page 10,560 in a file. The challenge becomes how do you delete a file from a batch, because not only does the index to the record need to be deleted but the actual pages of the document themselves need to be disposed of.
The converse technique is to split batches into their individual documents and store these documents separately in the customer communications archive with the consequential increase in storage density.
The two techniques are commonly known as no-burst for batch storage and full burst for individual document storage.
So the obvious question is can a non-burst archive be compliant? The answer depends on the tools you are using. Most no-burst archives cannot delete individual documents and so are not GDPR compliant. Those that do can delete both content and indexes from the archive.
Full burst archives are always GDPR compliant because any record can be records managed and disposed of (or conversely held) at any time.
Most organizations are unaware that their existing customer communications archives do not comply with GDPR regulations. No-burst and full-burst archives can be compliant, but many are not due to the legacy technologies upon which they are based.
In our next blog we’ll look further ways why the formats stored in archives are important to GDPR. We’ll examine how to store and manage print formats like AFP, Metacode and PDF in systems and archives and explore techniques for making them work efficiently.
For more information about CrawfordTech’s customer communication archiving solutions see Riptide Conversion Services for CMOD, PRO Archiver for Documentum, PRO Archiver for InfoArchive, CCM Gateway for Alfresco, CCM Gateway for Box and CCM Gateway for SharePoint, all available here.
For more information about data security, you can access the recording from our recent webinar.
This is part of a series of blog posts on GDPR. Read them all!
Your Enterprise Content Management System and GDPR
The General Data Protection Regulation
Transparency and Lawfulness – What does it Mean?
Fine Grained and Coarse Grained Records Management
Keeping Data Secure – Your Responsibilities Under the GDPR Part 1