What is GDPR?

The General Data Protection Regulation (GDPR) is a regulation that acts as an addendum and overhaul of the European Union's (EU) existing data privacy laws.

The regulation was adopted by the EU parliament in April, 2016 and the deadline for enforcement was May 25, 2018, meaning that businesses not compliant after that date are subject to fines of up to €20 million or 4 percent of their global annual turnover. 

The EU GDPR Website features comprehensive details about the regulation and its history as well as answers to frequently asked questions about all different aspects of GDPR.

How Does SpringCM Help Our Customers with GDPR Compliance?

For SpringCM customers, compliance with all national and international data regulations, including GDPR, is a top priority.

Security and Data Protection 

GDPR requires companies to take reasonable data protection measures for sensitive and personal information
  • Encryption
  • Password policies
  • And more

Streamlined Compliance-Related Processes

With configurable workflow, you can improve GDPR compliance-related processes, including:

  • Standards 
  • Audit trails
  • Reminders of upcoming audits
  • Workflow to get approvals
  • Track deviations, exceptions

Data Management and Retrievability

Tag documents with related metadata to enable users to quickly find all information for a particular customer, case, incident or request.

Auditability and Reporting

  • Log every time a user accesses, views, edits or acts on a document 
  • Build reports to ensure correct access permissions to content containing personal data
  • Make audit information available to external auditors to speed up audits or even avoid them

Right to Erasure and Records Management

Enforce individual privacy rights by securely storing, protecting and deleting information.


What Does GDPR Mean for Contracts and Documents?

Contracts, resumes and other types of documents containing signatures and other identifying information are just as subject to GDPR data management guidelines and EU citizen removal requests as other more public-facing forms of data.

So if you are dealing with EU clients or customers in any capacity, the documents that underpin your relationships with them must be accounted for, and your IT setups must meet the GDPR regulatory burden.

Why is SpringCM Set Up So Well for Handling GDPR?

The reason SpringCM is so well-positioned to handle this new world of regulatory demands from the EU is twofold.

First, SpringCM's infrastructure and operations have, from the outset, been built out and maintained with data privacy, portability, monitoring and convenience as the top priority.

Second, part of what makes SpringCM such a valuable tool for document management is that it focuses on centralization. Having information all stored and searchable in a central, cloud-based location – rather than scattered across various servers, in hard copies, and in disparate formats – makes managing the type of requests that could arise under GDPR easy.

And even for data that is necessarily unstructured, SpringCM can build out workflows that allow for the easy identification and full deletion of a given piece of requested data.

Confirmation of Compliance

Companies conducting business in the EU must reach out to all of their third-party vendors to confirm compliance with GDPR so as to not open themselves up to liability for penalties. SpringCM is able to offer this confirmation and give any affiliated businesses peace of mind about its level of compliance with its contracts and other documents stored and managed on the SpringCM cloud.

Additional SpringCM GDPR Resources

GDPR Webinar

GDPR Preparedness: How to Ensure You're Prepared for Compliance

In this webinar, security experts discuss data privacy and security environment, review the requirements set within the GDPR, and outline compliance options.

  • What is GDPR and how it impacts your organization
  • Discuss ways to achieve GDPR compliance
  • Review benefits of GDPR compliance to build global relationships
  • Detail the effects of noncompliance