GDPR Guidelines and Knowledge Management

Matterial helps you comply with the regulations

May 25th is almost here, and with it the new GDPR Guidelines. You might have thought this is going to pass by, but it’s not. It’s serious. You need to think about your customers’ data, how you store it and how you make it available to them anytime.

We’ve compiled a fairly short comprehensive overview of what GDPR is and what effects it may have on your company, along with explaining some of the most important terminology.

A soft reminder: You don’t need to have everything set up and running perfectly, yet. The important thing is being able to prove that you take the regulations seriously and that you have started incorporating them into your business. It’s crucial that you document all your efforts to comply with GDPR and you are able to make this data available to the authorities.

If you haven’t started yet, or if you feel it’s growing over your head, we can help.

What do I have to document?

Basically, of course, everything that is related to personal information, like names, address, email, photos, an IP address, location data, etc. What is important, however, is also HOW you document it, because it needs to comply to the articles of the regulation. So what do you need to document?

  • Describe the kind of information you collect and process, and why you process it (Article 13 of the GDPR).
  • Store records of consent from your customers or their legal guardians (Articles 7 and 8 of the GDPR).
  • Describe how you process the data that has been given to you and that you are responsible for (Article 30 of the GDPR).
  • Describe how you protect personal data, for example by encryption, how you store personal data and where, etc.

A couple of things that’ll help doing it right

  • As soon as you start documenting something, try to make the documentation as complete as possible.
  • Be sure to make the data accessible instead of writing something that no one understands. This will help you in the end.
  • It’s important that your documentation is specifically referring to processes of your organization. Don’t copy and paste, don’t make general statements that could apply to anyone, but make sure it is your own documentation. Share it with all the people interested in it.
  • Have one central access point for your documentation, for all the people who are working on it or need insight into it. Nothing is more cumbersome, nerve-wrecking, or error-prone than having to update the same thing in multiple places.
  • Make sure you always refer to the most recent, actual version. Review your documentation and have it checked by your team, so that information is always correct and up-to-date.

Yes, that is a fair bit of work. But not only is it mandated by law, it will help you become more transparent, keep track of processes, software, and data in general, and you’re doing the right thing in protecting people’s personal data and privacy.

Having a documentation system will help you tremendously getting your company GDPR-ready. Of course, we’re biased, but Matterial will be the best tool you can find on the market for all your documentation needs. That’s because

  • You have one single source of truth — a central access point to knowledge — it’s all in one place
  • It runs in your browser. You have access from anywhere
  • All documents follow the same structure
  • They’re comprehensive, beautiful, easy to manage, and you can export them to PDF
  • You can share your documentation with the right people and collaborate
  • A review system makes sure everything is correct
  • You have a version control and document history
  • We believe in autonomy and control of the individual. Our servers are in Germany, underlying strict privacy policies and data protection directives

Give it a try.

Helpful further reading