The EU regulation targets companies that gather, process, store and analyze personal data. According to the new regulation, these companies must be able to identify, release and, if requested, delete data at any given time. The right to erasure (formerly known as "the right to be forgotten") is also new: Customers, employees and partners can now not only access their data, but also demand that it be deleted. After the grace period ends in May 2018, companies that do not comply with the regulations may be subjected to financial penalties of up to 4 percent of their worldwide revenue and up to 20 million euros.

The right to erasure vs. audit security

Certain personal documents must be stored in an audit-proof way and protected from deletion and manipulation (according to legal retention periods). This stands in contrast to the individual right to erasure. With Doxis4 components for deletion and storage management, companies can fulfill both requirements. Doxis4 safeLock enables firms to delete audit-proof archived information while also guaranteeing traceability and compliance with EU GDPR.

Security — even if the retention period is unknown

The SER solution gives companies a way to automatically manage retention rules and deletion deadlines, for example, for contracts. Furthermore, it is also possible to set up deletion locks for an unlimited period of time for a document. If the retention period of personal information is unknown, Doxis4 safeLock protects the sensitive documents from modifications, even if they have no retention deadline. The deletion lock can be removed if, for example, a customer or employee demands deletion according to EU GDPR. Document deletion can be automated, complete and physically traceable. Deletion only takes place if the document does not have to be stored to fulfill further legal obligations (e.g. retention periods; see article 17, paragraph 3 of EU GDPR).

Quickly provide customers information

In just one click, Doxis4 can also provide customers, employees, and partners their sensitive personal data and documents in a structured and machine-readable form. Companies are therefore always able to give information while also generating important proof of who accessed and modified which documents and when.