On a yearly basis, Dreyers Fond receives roughly 1.200 applications and as of such, deals with large amounts of person sensitive data. It is therefore of upmost importance, that the foundation is properly equipped in regards to intercepting the rules of the upcoming EU Data Protection Act, which will take in to affect the 28th May 2018. The EU Data Protection Act contains several, stringent requirements, which must be incorporated into the day-to-day activities of Dreyers Fond to prevent sanctions of any kind. Exformatics has therefore further developed their pre-existing ECM foundation solution, and ensured, that the systems work-procedures meet these new requirements.
Already back in 2013, Dreyers Fond implemented the “Exformatics ECM foundation” solution, which lead to their work procedure becoming entirely digital. As a result, Exformatics was able to enhance the pre-existing system, and by working towards the upcoming Data Protection Act, were able to adjust some of the previously existing workflows. Subsequently, Exformatics ensured the upcoming requirements would be met. By doing so, Exformatics had two main areas which were prioritized highly: The first crucial element was to document the companies work procedure and dataflow, which primarily consisted of adjusting pre-existing descriptions, thus enabling them to be used as documentation later on.
”We at Dreyers Fond are very happy, that back in 2013, we decided to replace our work procedure with an entirely digital solution, in regards to the many applications that we receive. Our application solution now functions 100% digitally, which has assisted in making the case consideration much faster and easier. We’re entirely satisfied with our collaboration with Exformatics, they’re always there, when we need them.”
Patricia De Moor, Foundations administrator, Dreyers Fond.
The second main area of focus, in regards to the upcoming requirements, was to ensure that the data be deleted or anonymized. For this particular reason, Exformatics developed a new module for the ECM foundation, General Data Protection Regulation Module (GDPR), which takes care of this process; data is deleted or anonymized automatically. By focusing on these two areas in particular; documentation of work procedure/dataflow and data-process handling, the management could present sufficient proof that the requirements were met.