A Legislative Revolution in the Handling of Information Content: The Impact of GDPR on Your Documents. Štefan Lukáč, Account Manager CEE, 31.12.2018.

1 A Legislative Revolution in the Handling of Information Content: The Impact of GDPR on Your Documents
Štefan Lukáč, Account Manager CEE

2 “Personal data shall be … kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed” - EU General Data Protection Regulation

EU General Data Protection Regulation (GDPR) (REGULATION (EU) 2016/679)
• Protection of personal data
• Governs processing including storage and retrieval
• High fines for minor and major breaches

“Infringements … shall … be subject to administrative fines up to EUR, or … up to 2 % of the total worldwide annual turnover … whichever is higher” - EU General Data Protection Regulation

“Minor” breaches: fines up to EUR 10 Mio, or up to 2% of the total worldwide annual turnover of the preceding financial year, whichever is higher
• Privacy by design
• Appointment of a representative and/or data protection officer
• Use of data processors
• Internal documentation of data breaches and privacy impact assessments
• IT security (TOMs)
• Data breach notification

“Major” breaches: fines up to EUR 20 Mio, or up to 4% of the total worldwide annual turnover of the preceding financial year, whichever is higher
• Simple principles for processing, such as fairness, legality, transparency, data avoidance, purpose limitation, carefulness, retention periods, consent, admissibility of processing sensitive data
• Rights of data subjects
• International data transfers
• Non-compliance with an order of supervisory authority

“Infringements … shall … be subject to administrative fines up to EUR, or … up to 4 % of the total worldwide annual turnover … whichever is higher” - EU General Data Protection Regulation

3 Questions to have in mind when working with data
• What data do you use, process and store?
• How and where is it stored?
• What is the reason you process the data?
• How long can you own it?

First, it is important to understand what GDPR actually is and what it brings. GDPR is the new EU regulation on the protection of personal data, which significantly strengthens the protection of citizens' personal data. The regulation affects practically everyone, natural or legal persons, who process the data of their employees, customers, clients or suppliers, as well as those who operate camera systems. By violating it, your organization exposes itself to a high fine, loss of trust and a bad reputation. The essence of the new regulation lies in separating personal data from the other data of companies or authorities. Personal data must be protected.

The basic questions you will all have to address at the start of preparing for GDPR:

1. What data do you process? What data do you process in your systems and who has access to it? A separate category is especially sensitive personal data or the processed personal data of children. If you cannot identify this data, you will come into conflict with GDPR.

2. How and where do you store it? It is important that you know how personal data is processed and where it is stored. Unfortunately, practice shows that most companies and persons responsible for data have only a vague idea of what is done with the data, where it moves and where it is stored. GDPR, meanwhile, imposes an obligation to keep records of the processing of personal data. It will therefore be important for you to identify the sources and repositories of personal data.

3. On what basis do you process the data? One of the basic principles of GDPR is the lawfulness of processing personal data. This means that you may process personal data only on the basis of a defined purpose: legal title, legitimate interest, public interest, performance of a contract, consent.

4. For how long? GDPR requires that personal data be processed only for as long as is necessary. This means that you will have to delete data that you may no longer process according to the defined purpose, e.g. when a person has withdrawn their consent to the processing of personal data. The lifecycle of processed data must have a clearly defined beginning and end.

4 All Types of Enterprise Information Require Some Method of Retention and Destruction
Business Processes Create Structured Data…
Business Communication Creates Unstructured Content…

How long do we keep this information?
• HR records?
• Shipping documents?
• Transaction contracts?
• Marketing collateral?
• Purchase information?
• Supply chain data?
• Customer data?

How do we destroy this information at the appropriate time?

5 Example of Documents that contain Personal Data in Order-to-Pay
Objects in this example include personal data PLUS may have documents attached with personal data. Data and attached documents need to be deleted after the reason for retention has expired, referring to data privacy acts!

Order Entry → Fulfillment → Delivery → Invoicing
• Incoming order with contact name, phone,
• Delivery note with contact name, address
• Outgoing invoice with contact name, address

6 Retention Policies – Timely Deletion is a MUST
"the data shall not be kept for longer than is necessary for that purpose" (section 2(1)(c)(iv) of the Act)

Customers should be able to answer YES to the following questions:
• Is there a defined policy on retention periods for all items of personal data kept?
• Are there clerical and computer procedures in place to implement such a policy?
• Is information about old customers or business partners routinely purged from our systems?

7 Enterprise Records Management
Controlling the lifecycle of content
• Enables the creation of file plans, retention schedules, execution of legal holds and disposition
• Includes records management of physical content
• Provides defensible disposition of all content
• Diminishes exposure to discovery costs

8 Records Management Workspace
Records Management Workspace is used to:
• Set up rules & policies: classification file plan, categorization taxonomy
• Manage retention, hold and disposition
• Reporting

9 Records Management Classification
Provides flexible options to classify records:
• inheritance of classification
• manual classification by user
• assisted classification
• automatic classification
• default classifications

10 Create Schedules for the RSI (Record Series Identifier)

11 Destruction Reports

12 Physical Items

13 Circulation

14 ARCHIVING
[Diagram: archiving sources and services. Labels: ECM Content, Email, Social Media, SAP Data, Business Content, EFSS, Legacy Decommissioning, Files, SharePoint, File Shares, Structured Data, Scans; Archiving, RM, Migration, Rendition, Encryption]

OpenText has always been strong in archiving. The OpenText archive technology is homegrown, designed in-house and has been in the market for over 20 years. OpenText does not sell any storage-related hardware; 100% of the archiving management software and high-end storage services, including storage virtualization, are provided by OpenText and do not rely on any particular third-party technologies other than physical storage.

OpenText Archive Center, a component of Content Suite, enables storage, retrieval, defensible disposition, regulatory compliance and secure long-term retention of archived data and documents. It is a scalable and integrated service for archiving all enterprise content. This content is stored in a secure repository, providing assurance that all data is safely stored for years, yet still instantly accessible when needed.

Archive Center is a multi-tenant, cloud-ready archive equipped for rapid deployment and provisioning options including cloud, private cloud, hybrid or on premise. Business Administrators can quickly and easily set up new collections and archiving tasks, and manage retention and disposition of data centrally across all tiers of storage and locations. Archive Center’s application allows privileged users the ability to search and respond to legal requests by applying legal holds, as well as exporting and loading files in EDRM XML. Archive Center’s powerful reporting and statistics enable transactions and storage usage to be easily monitored.

The OpenText archiving component is format agnostic. This means it can store any content regardless of its format. Archiving is not limited by file size. Storage optimization, such as handling numerous but very small files, is in place.
OpenText Archiving supports storage hardware from all leading storage vendors, for example EMC, HP, HDS, NetApp, and cloud storage such as Amazon S3 and Microsoft Azure. It virtualizes the storage layer and, because of this, Archive Center supports a wide range of different storage technologies and storage vendors, such as hard disk, CAS (content addressed storage), SAN (storage area networks), NAS (network attached storage), HSM (hierarchical storage management systems) and cloud storage.

To save storage space, content is automatically compressed during archiving. By default, formats such as and office formats are automatically compressed. Critical data can be stored encrypted. The integrity of the data is secured by signed timestamps. Timestamps preserve the last modification date of a document, and thus can prove that documents have not been modified.

OpenText Archive Center grants fast and efficient access to content for a large number of users. A single Archive Center can handle billions of business documents and thousands of users. Performance results underline the strength and scalability of a single instance. Recent tests proved that more than 1.4 million 100 kB documents can be ingested per hour. The Archive Center active-active cluster guarantees high availability for mission-critical applications with minimum down-time. The group of nodes also allows for smooth upgrades without any services being interrupted.

Tailored integrations are available for archiving, including SIA (single instance archiving), data from file shares, SAP documents, SAP data archiving, transactional content, scanned images, COLD (computer output on laser disk), print lists and spool data from host systems. The Document Pipelines allow high-volume archiving of any kind of data.
The OpenText archiving capabilities can be used by any application or data source supporting standard interfaces, such as the SAP ArchiveLink interface or the CMIS 1.1 interface (Content Management Interoperability Services).

Archive Center can be deployed on premises as well as in the cloud using the Archive Center, Cloud Edition. The Cloud Edition is available as a multi-tenant SaaS offering in the OpenText Cloud. Archive Center Cloud Edition multi-tenancy allows hosting multiple tenants by segregation of tenant-specific data and configuration. Each tenant will store its data, metadata and configuration values in dedicated logical containers.

Archive Center, Cloud Edition provides:
• Data sovereignty with encryption and storage in regional data center
• Transparent application and seamless end-user access
• OpenText Archive Center for SAP® Solutions, Cloud Edition provides secure archiving for SAP data and documents and integrates business documents with SAP transactions and processes.
• OpenText Archive Center for /FS, Cloud Edition provides archiving and retrieval for cloud-based , as well as on premise Microsoft Exchange servers and file shares.
• OpenText Archive Center for CMIS, Cloud Edition provides archiving and retrieval of documents via the CMIS interface, an open standard. Data can be ingested via the Document Pipeline for CMIS and either accessed through the Archive Center web applications, or any CMIS-enabled application can leverage the archiving service to store and access documents in the cloud.

The truth is, in the last couple of years we've had a really big C-shift inside of most organizations as they begin to look at Office 365. Office 365 obviously is not a matter of simply moving your content to the cloud. It's essentially outsourcing, as an example, your and SharePoint to the cloud as well. In doing so, most organizations are having at least the conversation: is Office 365 good enough when it comes to managing the information?
Is it good enough at doing e-discovery? Is it good enough at doing retention for my and my SharePoint and some of my social media and the stuff that I would typically have put in file shares? The answer to that for a lot of organizations has been yes, which is actually one of the key reasons why we have been doubling down on our process productivity stuff. This is a shift in the marketplace, and I really wanted to make sure that it's understood that as this shift happens, we're seeing fewer opportunities in managing our , providing information governance. We're still seeing this ECM content (content that needs to be managed, the official records of the organization, process productivity stuff) being managed, but is increasingly just being managed inside of Office 365.

On the structured data side, we're still seeing good traction for SAP data, both structured and unstructured, and decommissioning legacy applications as well. Truth be told, the more powerful databases become, the less organizations really need to think about archiving some of our older data. The truth is, the more organizations move their applications to the cloud, that becomes essentially somebody else's problem as well. Once again, this is a bit of a shift in the marketplace where we have been strong in the past, and the market is by no means dead and by no means dried up, but it is beginning to shift. This is one of the key reasons why we've invested heavily in Content Suite 16 in all of the process productivity stuff.

[Diagram: storage tiers from expensive to inexpensive: Enterprise Disk, Modular Disk, SATA / JBOD Disk, Optical / WORM / Tape, Capacity Tape]

15 Now! Time is running! 25 May 2018
• Documents contain data – they must be protected
• Even more critical is to manage the time of deletion
• A complex schema of retention periods can be managed only by a complex Records Management solution

Documents’ Data Protection process:
• Start with Actual Status Analysis
• Define critical areas to be covered ASAP
• Define & start pilot area for Proof of Concept

Now! Time is running!

16 Štefan Lukáč Account Manager CEE

17 Goodbye

