Store your business’ essential documents securely offsite to save space and ensure compliance.
Protect your business’s digital media in a secure, climate-controlled vault.
Secure your essential records like wills, evidence, trusts, and legal documents in our vault.
Preserve the safety and integrity of biological samples, pathology slides, and critical medical materials with secure, climate-controlled storage.
Easily manage and track your inventory online with Corodata’s secure and user-friendly Client Portal.
Need storage boxes? Order Corodata’s durable, secure boxes online in just a few clicks. Keep your records organized and protected.
Access your physical documents digitally with Corodata’s Scan on Demand service. Deliver secure, on-request scans directly to your device.
Digitize large quantities of documents efficiently with Corodata’s High Volume Scanning. Ensure quick, secure, and accurate conversion to digital files.
Securely access your digital and scanned documents anytime from your desktop, tablet, or phone with CoroVault.
Keep your business compliant and secure with our NAID-certified paper shredding services.
Prevent data breaches with certified hard drive destruction, fully wiping data and ensuring compliance.
Host a shred event to provide secure shredding services to your community at a central location with our mobile shred truck.
We offer a range of secure, locked shred bins and consoles designed to safely store confidential documents and files. Explore our available options today!
Stay informed with the latest records management tips, industry news, and expert insights.
Unlock free exclusive ebooks, templates, and checklists to streamline your business operations.
Access free on-demand webinars to master Corodata’s client portal.
This guide reveals exactly which business records to keep and for how long.
Safeguard your business operations and speed up recovery during a crisis by completing this disaster recovery plan.
Easily maintain HIPAA compliance with our comprehensive checklist.
Since 1948, we have delivered secure records management solutions to help businesses confidently protect and manage their information.
The GDPR, enacted on May 25, 2018, has quickly become one of the top five records management laws every information manager must know. This powerful new law enforces that companies doing business in, or that have ties with, the European Union must manage and protect their customer’s data according to a much higher GDPR compliance standard. Fines for failing to comply can run as high as 20 million Euros, or $25 million USD.
Fundamentally, the GDPR aims to give consumers more complete control over how their personal data is collected, stored and used.
“‘Personal Data’ means any information relating to an identified or identifiable natural person (‘data subject’). An identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person.”
The good news is that just by being in California you already have a head start. California was the first state to enact a data breach notification law, intended to provide early warning to those at risk of identity theft, which coincides with Articles 33 and 34 of the GDPR.
Whether a company operating solely in the U.S. must also comply is a complicated question, but many who may not think they fall under the scope of its requirements actually do. That means, you have some homework to do to see if it applies to your business. Here are three reasons why a California business would need to comply.
While the drafters of the GDPR intended for it to be “technologically neutral” the regulation applies to (1) where processing of personal data is conducted by “automated means,” and (2) where processing of personal data is not conducted by automated means, but the data “form[s] part of a filing system or [is] intended to for part of a filing system.
It’s the second situation that applies to “information kept on paper,” which means physical records that contain personal data also fall under the regulations.
Paper records are an often overlooked security risk. In the last 24 months, 17.7% of data breaches under investigation by the U.S. Department of Health and Human Services are related to paper and physical documentation. Other industries, such as legal and financial companies, also have unusually large amounts of physical documents, but all companies should take stock of what information they have in physical form.
The GDPR was primarily crafted as a way to regulate large firms processing big data, but the way the regulations are written makes it such that a very broad range of records must be kept, indexed, and made quickly retrievable to be compliant for nearly all businesses. Any data that is “processed” falls under its scope.
“‘Processing’ means any operation or set of operations which is performed upon personal data or sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.”
The big takeaway here is that the language of the GDPR is remarkably broad. Practically speaking, this means all documents digital or paper are likely subject to the GDPR.
Yes, The GDPR Will Affect Your U.S.-Based Business | Forbes GDPR’s Most Frequently Asked Questions: Does the GDPR apply to paper records? | Lexology General Data Protection Regulation | Intersoft Consulting
DISCLAIMER: The information conveyed through this article is not intended to give legal advice, but instead to communicate information to help you understand the basics of the topic presented. Certain concepts may not apply for your business. Please consult with your legal council for decisions that reflect your situation.
There's much to do to be compliant. Here's an interactive checklist of GDPR essentials for those less-versed in the GDPR. These are also just good records management practices.