This is the fifth post in our blog series about the European Union’s General Data Protection Regulations, which came in to full effect 25th May 2018. Last time we looked briefly at whether your customer communication archive is compliant.
In the last post we discussed the so-called no burst and full burst archives. The majority of customer communication archives in use today are no-burst archives without the ability to delete records from batches. These archives present a real challenge to any organization trying to achieve GDPR compliance, because they cannot effectively implement right to be forgotten policies and may not be accurately reporting details of all documents stored in the archive.
This time we consider how existing archives can be upgraded, or more accurately, migrated to achieve compliance with GDPR regulations.
Upgrading CCM Archives to be GDPR Compliant
GDPR compliant customer communication archives possess two key attributes - the ability to store individual documents full burst and/or the ability to delete documents from large batches. If your customer communications archive can be upgraded to one that supports deletion of documents from large batches, this is undoubtedly the easy approach to take. Ask your software vendor whether this is possible.
If this is not possible then all the content of the archive will need to be unloaded, burst into individual documents and reloaded again. Many legacy archives simply no not support these techniques and so a migration will be necessary.
Migrations offers other opportunities to improve the way in which content is stored and accessed. For example, many legacy archives store print files in formats such as AFP, line data and Metacode. These formats existed before modern standards like PDF/A existed, which is a format specifically designed for long term document archival requirements.
It is possible to store print files and still achieve GDPR compliance, but if your customer communication archive needs to be migrated anyway, why not turn your archive into an ISO standard PDF archive at the same time as you become GDPR compliant? PDF is much better suited to ePresentment use cases, where documents need to be accessed by customers over the web or on a mobile device.
A further challenge in any archive migration is making sure that every batch and document in the source system ends up in the target system. The migration process needs to demonstrate a chain of custody for these documents and prove that documents have not changed during the migration process. Migration quality assurance processes may at their simplest level count the documents out and count the documents in at the other end. More sophisticated processes will check that the content in the source system is an exact copy of the original.
Migrating to a GDPR compliant archive can be daunting, with 100’s of millions of documents going back over 10, 15 or 20 years. Standards like PDF/A can play a significant role in ensuring that your next generation archive is future proof. But a rigorous migration methodology and tooling is essential to ensuring that customer communications archives remain compliant when moved.
In our next blog we’ll look at how to keep data secure in a GDPR compliant archive and your responsibilities under the GDPR.
To find out more about how CrawfordTech’s supports GDPR compliant archiving and migration tools for both no burst and full burst archives take a look at this recording from our webinar – “Ensuring Your CCM Archive is Compliant”.
This is part of a series of blog posts on GDPR. Read them all!